Usable comprehensive-factor authentication for a secure time attendance system

Vorakulpipat, Chalee; Pichetjamroen, Sasakorn; Rattanalerdnusorn, Ekkachan

doi:10.7717/peerj-cs.678

Cited by 6 publications

(12 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These are the things that a user knows, like usernames & passwords, PINs, and answers to secret questions (Ali et al, 2020a;Vorakulpipat et al, 2021). They are typically used for single-factor authentication and offer little security when implemented alone.…”

Section: Concept Of Authenticationmentioning

confidence: 99%

“…These are the things that a user has, including a SIM card, mobile phone, Smart card, OTP token, or FIDO2 security key (Ali et al, 2020a;Vorakulpipat et al, 2021).…”

Section: (Ii) Possession Factors (Something You Have)mentioning

confidence: 99%

“…They are unique physical and behavioural traits of the user. Examples of the inherence factor are biometric fingerprints, face, iris, retina, and voice (Ali et al, 2020a;Vorakulpipat et al, 2021).…”

Section: (Iii) Inherence Factors (Something You Are)mentioning

confidence: 99%

“…verification process where the authenticating party requires users seeking access to the system to present multiple authentication credentials linked to their identity to ensure the security of the account. The primary purpose is to increase the safety of the authentication systems, services, information, and privacy so that it is challenging for attackers to compromise (Ometov et al, 2018;Devasena, 2018;Vorakulpipat et al, 2021). For MFA to be successfully implemented, one of the verification factors must be kept away from the device for accessing the system or resources (Australian Cyber Security Centre [ACSC], 2019).…”

Section: Single-factor Authentication (Sfa)mentioning

confidence: 99%

“…For MFA to be successfully implemented, one of the verification factors must be kept away from the device for accessing the system or resources (Australian Cyber Security Centre [ACSC], 2019). The MFA provides a higher security level through multiple user login credentials to protect the devices, systems, and resources from intruders (Taher et al, 2019;Ibrokhimov et al, 2019;Vorakulpipat et al, 2021;Chishti et al, 2021;Kebande et al, 2021). It also helps achieve consistency in organisations (Lone & Mir, 2021).…”

Section: Single-factor Authentication (Sfa)mentioning

confidence: 99%

See 4 more Smart Citations

Development of a secure multi-factor authentication algorithm for mobile money applications

Guma¹

View full text Add to dashboard Cite

With the evolution of industry 4.0, financial technologies have become paramount and mobile money as one of the financial technologies has immensely contributed to improving financial inclusion among the unbanked population. Several mobile money schemes were developed but, they suffered severe authentication security challenges since they implemented two-factor authentication. This study focused on developing a secure multi-factor authentication (MFA) algorithm for mobile money applications. It uses personal identification numbers, one-time passwords, biometric fingerprints, and quick response codes to authenticate and authorize mobile money subscribers. Secure hash algorithm-256, Rivest-Shamir-Adleman encryption, and Fernet encryption were used to secure the authentication factors, confidential financial information and data before transmission to the remote databases. A literature review, survey, evolutionary prototyping model, and heuristic evaluation and usability testing methods were used to identify authentication issues, develop prototypes of native genuine mobile money (G-MoMo) applications, and identify usability issues with the interface designs and ascertain their usability, respectively. The results of the review grouped the threat models into attacks against privacy, authentication, confidentiality, integrity, and availability. The survey identified authentication attacks, identity theft, phishing attacks, and PIN sharing as the key mobile money systems’ security issues. The researcher designed a secure MFA algorithm for mobile money applications and developed three native G-MoMo applications to implement the designed algorithm to prove the feasibility of the algorithm and that it provided robust security. The algorithm was resilient to non-repudiation, ensured strong authentication security, data confidentiality, integrity, privacy, and user anonymity, was highly effective against several attacks but had high communication overhead and computational costs. Nevertheless, the heuristic evaluation results showed that the G-MoMo applications’ interface designs lacked forward navigation buttons, uniformity in the applications’ menu titles, search fields, actions needed for recovery, and help and documentation. Similarly, the usability testing revealed that they were easy to learn, effective, efficient, memorable, with few errors, subscriber satisfaction, easy to use, aesthetic, easy to integrate, and understandable. Implementing a secure mobile money authentication and authorisation by combining multiple factors which are securely stored helps mobile money subscribers and other stakeholders to have trust in the developed native G-MoMo applications.

show abstract

Section: Concept Of Authenticationmentioning

confidence: 99%

“…These are the things that a user has, including a SIM card, mobile phone, Smart card, OTP token, or FIDO2 security key (Ali et al, 2020a;Vorakulpipat et al, 2021).…”

Section: (Ii) Possession Factors (Something You Have)mentioning

confidence: 99%

Section: (Iii) Inherence Factors (Something You Are)mentioning

confidence: 99%

Section: Single-factor Authentication (Sfa)mentioning

confidence: 99%