Mapping the Authentication Landscape: A User-Centric View

Abstract

Authentication is the frontline security control that protects the digitalised society—and paradoxically, it is also the most frequently exploited in breaches. As online services permeate every aspect of life, from banking and healthcare to workplace systems, authentication has become a critical safeguard for citizens and organisations. Yet, the complexity of managing multiple credentials and diverse authentication methods introduces vulnerabilities that attackers routinely exploit. Despite this, research has often examined authentication in isolation—focusing on single methods or user behaviours—without considering the broader ecosystem users navigate daily. This paper reframes authentication as an authentication landscape, a multidimensional environment encompassing all features and experiences users encounter when accessing digital systems. Through a systematic literature review of 43 peer-reviewed articles from leading Information Systems, Cybersecurity, and Human-Computer Interaction journals, we identify ten key features shaping this landscape: (1) services and systems, (2) diversity of methods, (3) guidance and restrictions, (4) devices, (5) security products, (6) use context, (7) culture and relationships, (8) user responsibilities, (9) accessibility, and (10) threat outlook. Our analysis reveals that authentication complexity—driven by proliferating accounts, evolving technologies, and inconsistent policies—creates fertile ground for security lapses. Different aspects of the landscape may lead users to trade security for convenience, adopt risky coping strategies, or struggle with contradictory guidance, amplifying systemic vulnerabilities. The implications are urgent: strengthening authentication cannot rely on piecemeal improvements to individual methods when advances in technology demand a comprehensive readjustment. Designers, policymakers, and security professionals must address the authentication landscape holistically to reduce attack surfaces and enhance resilience. Future research can operationalise the identified features to study users’ landscape perception. For practice, this perspective informs the design of authentication systems and awareness programs that align with users’ lived realities. By recognising authentication as a complex, interconnected landscape, we advance the discourse toward strategies that safeguard not just individual accounts but the integrity of the digital society itself.