Usable security of authentication process: New approach and practical assessment

Maha M. Althobaiti, Pam Mayhew

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

Authentication mechanisms are considered the typical method to secure financial websites. Context authentication has become increasingly important in the arena of online banking, which involves sensitive data that belong to users who trust their banks. Multifactor authentication is the most commonly used method of strengthening the log-in process in e-banking. Developing a usable and secure authentication approach and method is the most challenging area for researchers in the fields of security and Human-Computer Interaction (HCI). This paper describes a work-in-progress towards a new approach for authenticating users when access online banking by giving them the opportunity to choose their preferred method to log into e-banking. In our complex experiment with 100 online banking customers, we simulate an original online banking platform based on the proposed approach; then, we evaluate the usability and security of three different methods and assess user awareness of the most visible security design flaws. The initial result shows that the new system model was able to assess the usability and security of different multifactor authentication methods and it is considered a first attempt towards a usable and secure authentication approach.

Original languageEnglish
Title of host publication2015 10th International Conference for Internet Technology and Secured Transactions, ICITST 2015
PublisherThe Institute of Electrical and Electronics Engineers (IEEE)
Pages179-180
Number of pages2
ISBN (Print)9781908320520
DOIs
Publication statusPublished - 17 Feb 2016
Event10th International Conference for Internet Technology and Secured Transactions - London, United Kingdom
Duration: 14 Dec 201516 Dec 2015

Conference

Conference10th International Conference for Internet Technology and Secured Transactions
Abbreviated titleICITST 2015
Country/TerritoryUnited Kingdom
CityLondon
Period14/12/1516/12/15

Keywords

  • authentication
  • E-banking
  • HCI
  • security
  • usability

Cite this