Multi-Factor Authentication to Systems Login

ALSaleem, Bandar Omar; Al-Shoshan, Abdullah I.

doi:10.1109/nccc49330.2021.9428806

Cited by 14 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the findings shown in Table 5, it is evident that every one of the reviewed methods, except for references [28,34,36,37,40,41,43,48,50], is capable of resisting direct observation SSAs. All of the methods that were examined, with the exception of [33], were unable to withstand video-recorded and multiple-observation SSAs.…”

Section: Rq4: How Effective Are the Selected Recognition-based Method...mentioning

confidence: 99%

“…As a result of this, the attackers are unable to determine whether the image that was clicked was the decoy image or the registered image. In the cases of [32,33,[35][36][37][44][45][46]48,52,53], the registered icons and the decoy icons are not clicked. Consequently, it would be difficult for the attackers to make any intelligent analysis to distinguish which icons are the registered icons and which are the decoys.…”

Section: Rq2 What Pass-objects Are Used For Authentication In These M...mentioning

confidence: 99%

See 1 more Smart Citation

Systemic Literature Review of Recognition-Based Authentication Method Resistivity to Shoulder-Surfing Attacks

Adebimpe,

Ng,

Idris

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

The rapid advancement of information technology (IT) has given rise to a new era of efficient and fast communication and transactions. However, the increasing adoption of and reliance on IT has led to the exposure of personal and sensitive information online. Safeguarding this information against unauthorized access remains a persistent challenge, necessitating the implementation of improved computer security measures. The core objective of computer security is to ensure the confidentiality, availability, and integrity of data and services. Among the mechanisms developed to counter security threats, authentication stands out as a pivotal defense strategy. Graphical passwords have emerged as a popular authentication approach, yet they face vulnerability to shoulder-surfing attacks, wherein an attacker can clandestinely observe a victim’s actions. Shoulder-surfing attacks present a significant security challenge within the realm of graphical password authentication. These attacks occur when an unauthorized individual covertly observes the authentication process of a legitimate user by shoulder surfing the user or capturing the interaction through a video recording. In response to this challenge, various methods have been proposed to thwart shoulder-surfing attacks, each with distinct advantages and limitations. This study thus centers on reviewing the resilience of existing recognition-based graphical password techniques against shoulder-surfing attacks by conducting a comprehensive examination and evaluation of their benefits, strengths, and weaknesses. The evaluation process entailed accessing pertinent academic resources through renowned search engines, including Web of Science, Science Direct, IEEE Xplore, ProQuest, Scopus, Springer, Wiley Online Library, and EBSCO. The selection criteria were carefully designed to prioritize studies that focused on recognition-based graphical password methods. Through this rigorous approach, 28 studies were identified and subjected to a thorough review. The results show that fourteen of them adopted registered objects as pass-objects, bolstering security through object recognition. Additionally, two methods employed decoy objects as pass-objects, enhancing obfuscation. Notably, one technique harnessed both registered and decoy objects, amplifying the security paradigm. The results also showed that recognition-based graphical password techniques varied in their resistance to different types of shoulder-surfing attacks. Some methods were effective in preventing direct observation attacks, while others were vulnerable to video-recorded and multiple-observation attacks. This vulnerability emerged due to attackers potentially extracting key information by analyzing user interaction patterns in each challenge set. Notably, one method stood out as an exception, demonstrating resilience against all three types of shoulder-surfing attacks. In conclusion, this study contributes to a comprehensive understanding of the efficacy of recognition-based graphical password methods in countering shoulder-surfing attacks by analyzing the diverse strategies employed by these methods and revealing their strengths and weaknesses.

show abstract

Section: Rq4: How Effective Are the Selected Recognition-based Method...mentioning

confidence: 99%

Section: Rq2 What Pass-objects Are Used For Authentication In These M...mentioning

confidence: 99%

Systemic Literature Review of Recognition-Based Authentication Method Resistivity to Shoulder-Surfing Attacks

Adebimpe,

Ng,

Idris

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Nearly no new approaches or schemes on GP for web apps were done between 2016 and 2020, and researchers preferred to use GP in cloud computing and mobile computing instead [18][19][20][21][22][23][24]. They tended to improve the GP for cloud services and web applications start in 2020 [1,18,19,[22][23][24][25][26][27][28][29].…”

Section: Related Workmentioning

confidence: 99%

“…i) simple password; ii) graphical password; iii) Biometric password; iv)third-party authentication; v)3D password object [18]. According to a survey done on users authenticated by all five levels of authentication, they sent their views on They observed that when using a multi-level password, it increases the password security and reduces password breaking, but it also increases the user's frustration [18,19,27,28 ]. The 3D password object and third party are not supported on it, and the biometric isn't preferred because of the user's personal characteristics changing [19,26].…”

Section: Related Workmentioning

confidence: 99%

Choice-Based Graphical Password (CGP) Scheme for web applications

Seksak,

Amin,

Zarif

2023

IJCI. International Journal of Computers and Information

View full text Add to dashboard Cite

Today Authentication is an essential mechanism in information security. It was used to identify authorized users and safeguard systems against hackers and spies. A graphical password (GP) is a password that employs graphics rather than text to gain access to computers. The GP is still not widely used in the actual world because users are frustrated by the numerous Login phases and the selection of various determined images from prior techniques, therefore they have returned to textual passwords. The vast majority of research has failed to discover a means to increase overall security, usability, memorability, and login time. In this paper, a novel Choice-Based Graphical Password (CGP) Scheme for Web Applications is proposed. The scheme is a two-level multifactor authentication: textual and recognition. During registration, the user first registered his/her data, and then the system assigned him/her a random and unique number. The second, user chose an image from CGP's dataset or from his/her device. CGP then resized and blurred the user-selected image before encrypting and storing it in the CGP database. The attacker claimed that the image was one element, but it was a combination of five factors (user name, user number, and his/her registered image with the same name, size, and resolution), making it difficult to guess and resistant to several attacks using The Common Attack Pattern Enumeration and Classification (CAPEC). The proposed CGP scheme's performance evaluation enhanced a 36% increase in password space, a 33% increase in possible password numbers, and a 36% increase in entropy when compared to prior methods. Our CGP approach met the challenge of the password being secure, memorable, user-friendly, and time-saving.

show abstract

“…No one wants to face stealing identity or some private information like accounting, financial, personal (PII), or health data. [1,2] Usually, users don't want to memorize small secrets (in this context we mean passwords) and try to write them on stickers and place them on their monitor.…”

Section: Introductionmentioning

confidence: 99%

Comparison of information security methods of information-communication infrastructure: Multi-Factor Authentication

Safin,

Abdiraman,

Nurusheva

et al. 2022

bultechenukz

View full text Add to dashboard Cite

Sensitive information was always one of the big trade-offs we always exchange big secrets for small ones. On one hand, memorization of small secrets on the other hand tons of services requires a dedicated secret for each one. And when one of the services will be compromised it affects all services with the same password and credential. The main purpose of this article is to discuss multiple factors and increase security trade-offs differently. We will try to compare MFA (Multi-Factor Authentication), 2FA (Two Factor Authentication), 2SV (Two-Step Verification), and 1FA (One Factor Authentication) and investigate the password-free future.

show abstract

Multi-Factor Authentication to Systems Login

Cited by 14 publications

References 8 publications

Systemic Literature Review of Recognition-Based Authentication Method Resistivity to Shoulder-Surfing Attacks

Systemic Literature Review of Recognition-Based Authentication Method Resistivity to Shoulder-Surfing Attacks

Choice-Based Graphical Password (CGP) Scheme for web applications

Comparison of information security methods of information-communication infrastructure: Multi-Factor Authentication

Contact Info

Product

Resources

About