A Method of Risk Assessment for Multi-Factor Authentication

Ensuring Information System Security by Selective Multifactor Authentication

Регион и мир / Region and the World

Multi-factor Authentication (MFA) has emerged as an important security measure to protect sensitive information and prevent unauthorized access in an increasingly interconnected world. In this article, we introduce the multi-factor authentication system we developed, a security mechanism that not only offers multiple authentication methods for users to verify their identity, but does so in a clearly fixed order, which increases the level of security on vulnerable websites and minimizes the loss of accounts. This toolkit is flexible in its structure and can be used both separately and as an integral system. One of the advantages is that users themselves choose the authentication methods and their order. All this slightly complicates the authentication process, but guarantees security from cyber attacks.

Authentication systems: A literature review and classification

One of the most important parts of any system is authentication. Regarded as the first and the last line of defense in the great majority of cases, authentication systems can usually prevent the kleptomaniac from gaining unauthorized access to users' data. However, the traditional text-based password is still used in many websites and applications, which are vulnerable to different kinds of attacks. Accordingly, there exist some alternative ways to boost this traditional method. In this study, we classified and identified different types of authentication systems in a variety of platforms. Their usage, similarity, usability, performance and drawbacks were discussed. The goal of this study is to provide readers with useful, classified information for understanding how different authentication systems work and what their usability and drawbacks are.

Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience

2018

Over the last few years, there has been an almost exponential increase of the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication elements of different categories are required. Many different such solutions are available, but they usually cover the scenario of a user accessing web applications on their laptops, whereas in this paper we focus on native mobile applications. This changes the exploitable attack surface and thus requires a specific analysis. In this paper, we present the design, the formal specification and the security analysis of a solution that allows users to access different mobile applications through a multi-factor authentication solution providing a Single Sign-On experience. The formal and automated analysis th...

A Survey on Multi-Factor Authentication for Online Banking in the Wild

Computers & Security

In recent years, the usage of online banking services has considerably increased. To protect the sensitive resources managed by these services against attackers, banks have started adopting Multi-Factor Authentication (MFA). To date, a variety of MFA solutions have been implemented by banks, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA solutions, but their influence on existing MFA implementations remains unclear. In this work, we present a latitudinal study on the adoption of MFA and the design choices made by banks operating in different countries. In particular, we evaluate the MFA solutions currently adopted in the banking sector in terms of (i) compliance with laws and best practices, (ii) robustness against attacks and (iii) complexity. We also investigate possible correlations between these criteria. Based on this study, we identify a number of lessons learned and open challenges.

LEVEL OF USABILITY OF THE MULTI FACTOR AUTHENTICATION PROCESS OF ONLINE BANKING: A USER EXPERIENCE STUDY

Most banks now offer their services online, which is known as online banking. Bank activities involve very sensitive information. Due to the high level of fraud, banks have recently introduced a new authentication method which requires users to provide more than one factor to authenticate themselves, known as Multi Factor Authentication (MFA). But means of improving security might compromise the level of usability of the website. Sri Lanka being a country with fewer IT-literate people, the researcher assumes that the introduction of MFA might have an impact on Sri Lankan online users. This paper presents an empirical study on the level of usability of the MFA mechanisms used by Sri Lankan banks at present, as experienced by the users. According to the results, it was identified that the number of online banking users is low in Sri Lanka, but they accept the MFA methods as usable.

An Overview on Authentication Approaches and Their Usability in Conjunction with Internet and Mobile Applications

The usage of sensitive online services and applications such as online banking, e-commerce, etc. is increasing day by day. These technologies have tremendously improved, making our daily life easier. However, these developments have been accompanied by E-piracy, where attackers try to get access to services illegally. As sensitive information flows through the Internet, it needs support for security properties such as authentication, authorization and data confidentiality. Perhaps the static password (User ID & password) is the most common and widely accepted authentication method. Online applications need strong passwords, such as a combination of alphanumeric and special characters. In general, having one password for a single service may be easy to remember, but controlling many passwords for different services poses a tedious task for users of online applications. Usually users try to use the same password for different services or make slight changes to the password, which can be easy for an attacker to guess, adding an increased security threat. In order to overcome this, stronger authentication solutions need to be suggested and adapted for service-based networks.

Analysis and Intellectual Structure of the Multi-Factor Authentication in Information Security

Intelligent Automation & Soft Computing, 2022

This study presents the current state of research on multi-factor authentication. Authentication is one of the important traits in the security domain as it ensures that legitimate users have access to the secure resource. Attacks on authentication occur even before digital access is given, but it becomes quite challenging with remote access to secure resources. With increasing threats to single authentication schemes, two-factor and later multi-factor authentication approaches came into practice. Several studies have been done in the multi-factor authentication discipline, and most of them proposed the best possible approaches, but there are very limited studies in the area that can comprehend all these innovative and effective approaches. Using Web of Science data of the research publications on the topic, the study adopted the bibliometric approach to find the evolution of authentication in the security domain, especially multi-factor authentication. This study finds the impact of the research in the selected domain using bibliometric analysis. This research also identifies the key research trends that most of the researchers are paying attention to. The highest number of publications on multi-factor authentication were published in 2019, while the highest number of citations were received in 2014. The United States, India, and China are the leading countries publishing the most on multi-factor authentication.

Web access authentication systems and their security parameters

International journal of applied research, 2016

Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using a multifactor authentication system that is both secure and highly usable. It uses a novel approach based on a Transaction Identification Code and SMS to enforce an extra security level on top of the traditional login/password system. The system provides a highly secure environment that is simple to use and deploy, and that does not require any change in the infrastructure or protocol of wireless networks. This Protocol for Wireless Payment is extended to provide two-way authentication.

Enhanced E-Commerce Application Security using Three Factor Authentication

International Journal for Research in Applied Science and Engineering Technology IJRASET, 2020

As we all know, e-commerce plays an inevitable role in our day-to-day life. As much as technology makes things easier for us, it leaves us open to online attacks. For online transactions, all we have to do is log in to our account and do the transaction. Currently, financial sites use static passwords, which are easier for customers to use. These may put the user's account at risk. Given enough time and number of attempts, an attacker can easily access the login. Static passwords can be vulnerable to attacks such as shoulder-surfing, dictionary attacks and so on. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced [4]. We propose a system with different authentication methods targeting online financial websites. E-Commerce applications use OTP to provide security by changing the password every time, so OTP is preferred. For personal recognition, biometric techniques can be used. Unlike other biometrics, the fingerprint is unique. A noisy password is a strong alternative to a static password. Hence, we are trying to incorporate a combination of all three to provide a secure method to perform E-transactions in E-Commerce applications.