Related papers: Work in progress: Identifying Two-Factor Authentic…
To prevent password breaches and guessing attacks, banks increasingly turn to two-factor authentication (2FA), requiring users to present at least one more factor, such as a one-time password generated by a hardware token or received via…
To protect users from data breaches and phishing attacks, service providers typically implement two-factor authentication (2FA) to add an extra layer of security against suspicious login attempts. However, since 2FA can sometimes hinder…
We propose a two-factor authentication (2FA) mechanism called 2D-2FA to address security and usability issues in existing methods. 2D-2FA has three distinguishing features: First, after a user enters a username and password on a login…
The digital age requires strong security measures to protect online activities. Two-Factor Authentication (2FA) has emerged as a critical solution. However, its implementation presents significant challenges, particularly in terms of…
Passwords have been long used as the primary authentication method for web services. Weak passwords used by the users have prompted the use of password management tools and two-factor authentication to ensure better account security. While…
Multi-Factor Authentication is intended to strengthen the security of password-based authentication by adding another factor, such as hardware tokens or one-time passwords using mobile apps. However, this increased authentication security…
Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. However, it also introduces…
With the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of services requires a certain assurance level for…
Today, two-factor authentication (2FA) is a widely implemented mechanism to counter phishing attacks. Although much effort has been investigated in 2FA, most 2FA systems are still vulnerable to carefully designed phishing attacks, and some…
Two-factor authentication (2FA) schemes that rely on a combination of knowledge factors (e.g., PIN) and device possession have gained popularity. Some of these schemes remain secure even against strong adversaries that (a) observe the…
Account security is an ongoing issue in practice. Two-Factor Authentication (2FA) is a mechanism which could help mitigate this problem, however adoption is not very high in most domains. Online gaming has adopted an interesting approach to…
Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is…
Online services have difficulties to replace passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly due to the fact that users tend to reject such mechanisms in use cases outside…
With the rise of attacks on online accounts in the past years, more and more services offer two-factor authentication for their users. Having factors out of two of the three categories something you know, something you have and something…
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ…
Nowadays, cyberattacks are growing exponentially, causing havoc to Internet users. In particular, authentication attacks constitute the major attack vector where intruders impersonate legitimate users to maliciously access systems or…
This study investigates the effectiveness of multifactor authentication (MFA) in protecting commercial accounts from unauthorized access, with an additional focus on accounts with known credential leaks. We employ the benchmark-multiplier…
Rolling out a new security mechanism in an organisation requires planning, good communication, adoption from users, iterations of reflection on the challenges experienced and how they were overcome. Our case study elicited users'…
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones,…
We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and…