Prof Shvartzshnaider co-authored a paper on "Measuring NIST Authentication Standards Compliance by Higher Education Institutions" with Noah Apthorpe and Boen Beavers, Colgate University and Brett Frischmann, Villanova University that will appear in the processing of the Twenty-First Symposium on Usable Privacy and Security
"In this paper, we examine the authentication policies of a diverse set of 135 colleges and universities in the United States and Canada to determine compliance with four standards from NIST Special Publication 800-63 Digital Identity Guidelines.
We find widespread, but not universal, deployment of multi-factor authentication across institutions. We also find prevalent outdated use of password expiration, password composition rules, and knowledge-based authentication. These results support further investment and research into incentive structures for standards compliance and the diffusion of expert guidance to practitioners."