Understanding user perceptions of transparent authentication on a mobile device

Crawford, Heather; Renaud, Karen

doi:10.1186/2196-064x-1-7

Cited by 54 publications

(36 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, continuous authentication, active authentication, implicit authentication, and transparent authentication have been interchangeably used in many papers [10,120,131,132]. Patel et al [5] considered continuous authentication and active authentication systems as similar and explained it as continuous monitoring of the user activities after the initial access to the mobile device.…”

Section: Evaluation Enrollment Presentationmentioning

confidence: 99%

“…is concept stresses more on the procedure of collecting and analyzing user authentication identifiers [4,10]. More specifically, if the system performs authentication steps in background (without requiring explicitly user cooperation) [10,31], they are termed as implicit, transparent, or unobtrusive authentication systems.…”

Section: Transparent Authenticationmentioning

confidence: 99%

“…More specifically, if the system performs authentication steps in background (without requiring explicitly user cooperation) [10,31], they are termed as implicit, transparent, or unobtrusive authentication systems. However, various authentication types (one-shot, riskbased, or continuous) could collect input transparently.…”

Section: Transparent Authenticationmentioning

confidence: 99%

“…risk-based; transparent [3,5,10,113,[119][120][121] [8,12,29,112,113,[115][116][117][122][123][124][125][126][127] end], P, auth}" holding of 3 prime attributes, where "begin" is authorization start date, "end" is either the constant ∞, or a deauthorization date after the start date, "P" is the duration of a session, and "auth" is an authorization function. Feng et al [4] determined that periodic authentication or automatic logouts are more detrimental while one-shot authentication solutions are prone to a wide variety of attacks.…”

Section: Modalitiesmentioning

confidence: 99%

“…at modality could be used as standalone or to complement the explicit authentication schemes to enhance their usability [8,9]. More speci cally the concept of transparent authentication is explained as implicitly ngerprinting the user's device interaction logs to authenticate the user [10].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access

Gupta

Buriro

Crispo

2018

Mobile Information Systems

View full text Add to dashboard Cite

Smartphones are the most popular and widespread personal devices. Apart from their conventional use, that is, calling and texting, they have also been used to perform multiple security sensitive activities, such as online banking and shopping, social networking, taking pictures, and e-mailing. On a positive side, smartphones have improved the quality of life by providing multiple services that users desire, for example, anytime-anywhere computing. However, on the other side, they also pose security and privacy threats to the users' stored data. User authentication is the first line of defense to prevent unauthorized access to the smartphone. Several authentication schemes have been proposed over the years; however, their presentation might be perplexing to the new researchers to this domain, under the shade of several buzzwords, for example, active, continuous, implicit, static, and transparent, being introduced in academic papers without comprehensive description. Moreover, most of the reported authentication solutions were evaluated mainly in terms of accuracy, overlooking a very important aspect-the usability. is paper surveys various types and ways of authentication, designed and developed primarily to secure the access to smartphones and attempts to clarify correlated buzzwords, with the motivation to assist new researchers in understanding the gist behind those concepts. We also present the assessment of existing user authentication schemes exhibiting their security and usability issues.

show abstract

Section: Evaluation Enrollment Presentationmentioning

confidence: 99%

Section: Transparent Authenticationmentioning

confidence: 99%

Section: Transparent Authenticationmentioning

confidence: 99%

Section: Modalitiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access

Gupta

Buriro

Crispo

2018

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

Behavioral Biometrics in Mobile Banking and Payment Applications

Kałużny

2019

Business Information Systems Workshops

View full text Add to dashboard Cite

ICT Systems Security and Privacy Protection

Hölbl

Rannenberg

Welzer

2020

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RBA monitors extra features during login and requests for an additional authentication step if the observed feature values deviate from the usual ones in the login history. In state-of-the-art RBA re-authentication deployments, users receive an email with a numerical code in its body, which must be entered on the online service. Although this procedure has a major impact on RBA's time exposure and usability, these aspects were not studied so far. We introduce two RBA re-authentication variants supplementing the de facto standard with a link-based and another code-based approach. Then, we present the results of a betweengroup study (N=592) to evaluate these three approaches. Our observations show with significant results that there is potential to speed up the RBA re-authentication process without reducing neither its security properties nor its security perception. The link-based re-authentication via "magic links", however, makes users significantly more anxious than the code-based approaches when perceived for the first time. Our evaluations underline the fact that RBA re-authentication is not a uniform procedure. We summarize our findings and provide recommendations.

show abstract

Understanding user perceptions of transparent authentication on a mobile device

Cited by 54 publications

References 38 publications

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access

Behavioral Biometrics in Mobile Banking and Payment Applications

ICT Systems Security and Privacy Protection

Contact Info

Product

Resources

About