Get 20M+ Full-Text Papers For Less Than $1.50/day. Subscribe now for You or Your Team.

Learn More →

Leveraging autobiographical memory for two-factor online authentication

Leveraging autobiographical memory for two-factor online authentication PurposeTwo-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.Design/methodology/approachThe authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.FindingsIn a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.Originality/valueThe results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information and Computer Security Emerald Publishing

Leveraging autobiographical memory for two-factor online authentication

Loading next page...
 
/lp/emerald-publishing/leveraging-autobiographical-memory-for-two-factor-online-Q4AxNdJHlf

References (36)

Publisher
Emerald Publishing
Copyright
Copyright © Emerald Group Publishing Limited
ISSN
2056-4961
DOI
10.1108/ICS-01-2016-0005
Publisher site
See Article on Publisher Site

Abstract

PurposeTwo-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.Design/methodology/approachThe authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.FindingsIn a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.Originality/valueThe results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.

Journal

Information and Computer SecurityEmerald Publishing

Published: Oct 10, 2016

There are no references for this article.