Leveraging autobiographical memory for two-factor online authentication. (10th October 2016)
- Record Type:
- Journal Article
- Title:
- Leveraging autobiographical memory for two-factor online authentication. (10th October 2016)
- Main Title:
- Leveraging autobiographical memory for two-factor online authentication
- Authors:
- Al-Ameen, Mahdi Nasrullah
Haque, S.M. Taiabul
Wright, Matthew - Abstract:
- Abstract : Purpose: Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user's accounts being accessed. Physical tokens such as RSA's SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication. Design/methodology/approach: The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users' autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication. Findings: In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme. Originality/value: TheAbstract : Purpose: Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user's accounts being accessed. Physical tokens such as RSA's SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication. Design/methodology/approach: The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users' autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication. Findings: In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme. Originality/value: The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows. … (more)
- Is Part Of:
- Information and computer security. Volume 24:Number 4(2016)
- Journal:
- Information and computer security
- Issue:
- Volume 24:Number 4(2016)
- Issue Display:
- Volume 24, Issue 4 (2016)
- Year:
- 2016
- Volume:
- 24
- Issue:
- 4
- Issue Sort Value:
- 2016-0024-0004-0000
- Page Start:
- 386
- Page End:
- 399
- Publication Date:
- 2016-10-10
- Subjects:
- User authentication -- Autobiographical memory -- Usable security
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-01-2016-0005 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 2268.xml