Two Factor Authentication Made Easy

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9114)

Abstract

Authentication on the Web is a challenge that can have a negative effect on user experience if it becomes overly complicated and cumbersome. This experience is even more crucial for older and visually impaired users due to their functional abilities. Web applications typically authenticate users by requesting information that only the user knows (e.g. a password). To enhance security, two-factor authentication (2FA) is increasingly implemented, which requires the user to manually transfer information between 2FA devices and the Web application. This process can impose usability barriers and stress on human memory. This paper proposes a technique to mitigate such issues by using wearables as the 2FA device, and to allow authentication information to be transferred seamlessly and automatically from the device to the Web application. From our preliminary results, older users found our approach less stressful on human memory and easier to use.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. School of Computer Engineering, Nanyang Technological University, Singapore, Singapore
  2. Singapore Institute of Technology, Singapore, Singapore
