An Effective Tool for Assessing the Composite Vulnerability of Multifactor Authentication Technologies

While multifactor authentication technologies continue to advance and adoption rates for those technologies increase, there exists a need to characterize the composite vulnerability score for complete authentication solutions. To meet this need, we propose an extension to the Common Vulnerability Scoring System (CVSS) v3 calculator to provide an aggregate score for any metric category, enabling organizations and researchers to succinctly determine the composite vulnerability impact of authentication factor multiplicity. This chapter has presented a novel mathematical approach and demonstrated the approach through a real-world application which is a comparative study on the composite vulnerability of two different multifactor authentication technologies.