English
Related papers

Related papers: How effective is multifactor authentication at det…

200 papers

Rolling out a new security mechanism in an organisation requires planning, good communication, adoption from users, iterations of reflection on the challenges experienced and how they were overcome. Our case study elicited users'…

Cryptography and Security · Computer Science 2020-11-06 Abideen Tetlay , Helen Treharne , Tom Ascroft , Sotiris Moschoyiannis

Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is…

Cryptography and Security · Computer Science 2022-11-11 Stephan Wiefling , Paul René Jørgensen , Sigurd Thunem , Luigi Lo Iacono

We propose a two-factor authentication (2FA) mechanism called 2D-2FA to address security and usability issues in existing methods. 2D-2FA has three distinguishing features: First, after a user enters a username and password on a login…

Cryptography and Security · Computer Science 2021-11-01 Maliheh Shirvanian , Shashank Agrawal

E-payments are essential for transactional convenience in today's digital economy and are becoming increasingly important for older adults, emphasizing the need for enhanced security, privacy, and usability. To address this, we conducted a…

Computers and Society · Computer Science 2024-12-20 Sanchari Das

Online services have difficulties to replace passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly due to the fact that users tend to reject such mechanisms in use cases outside…

Cryptography and Security · Computer Science 2023-03-23 Vincent Unsel , Stephan Wiefling , Nils Gruschka , Luigi Lo Iacono

Two-factor authentication (2FA) schemes that rely on a combination of knowledge factors (e.g., PIN) and device possession have gained popularity. Some of these schemes remain secure even against strong adversaries that (a) observe the…

Cryptography and Security · Computer Science 2022-08-08 Steven J. Murdoch , Aydin Abadi

Many recent IT companies use cloud services for deploying their products, mainly because of their convenience. As such, cloud assets have become a new attack surface, and the concept of cloud security has emerged. However, cloud security is…

Cryptography and Security · Computer Science 2025-01-07 Sungchan Yi

Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is…

Cryptography and Security · Computer Science 2011-11-15 Ayu Tiwari , Sudip Sanyal , Ajith Abraham , Svein Johan Knapskog , Sugata Sanyal

As e-commerce continues to expand, the urgency for stronger privacy and security measures becomes increasingly critical, particularly on platforms frequented by younger users who are often less aware of potential risks. In our analysis of…

Cryptography and Security · Computer Science 2024-10-22 Urvashi Kishnani , Sanchari Das

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for…

Cryptography and Security · Computer Science 2021-01-22 Vassilis Papaspirou , Leandros Maglaras , Mohamed Amine Ferrag , Ioanna Kantzavelou , Helge Janicke , Christos Douligeris

Low-end embedded devices are increasingly used in various smart applications and spaces. They are implemented under strict cost and energy budgets, using microcontroller units (MCUs) that lack security features available in general-purpose…

Cryptography and Security · Computer Science 2023-10-20 Adam Caulfield , Norrathep Rattanavipanon , Ivan De Oliveira Nunes

The digital age requires strong security measures to protect online activities. Two-Factor Authentication (2FA) has emerged as a critical solution. However, its implementation presents significant challenges, particularly in terms of…

Cryptography and Security · Computer Science 2025-02-18 Alexander Lengert

Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based…

Cryptography and Security · Computer Science 2023-01-05 Stephan Wiefling , Jan Tolsdorf , Luigi Lo Iacono

Since the introduction of bcrypt in 1999, adaptive password hashing functions, whereby brute-force resistance increases symmetrically with computational difficulty for legitimate users, have been our most powerful post-breach countermeasure…

Cryptography and Security · Computer Science 2023-08-31 Vivek Nair , Dawn Song

Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system security. Integrating with the user's more frequently used account at their primary organization both…

Nowadays, most online services offer different authentication methods that users can set up for multi-factor authentication but also as a recovery method. This configuration must be done thoroughly to prevent an adversary's access while…

Cryptography and Security · Computer Science 2024-03-25 Andre Büttner , Nils Gruschka

The growing misuse of Vision-Language Models (VLMs) has led providers to deploy multiple safeguards, including alignment tuning, system prompts, and content moderation. However, the real-world robustness of these defenses against…

Cryptography and Security · Computer Science 2025-11-21 Yijun Yang , Lichao Wang , Jianping Zhang , Chi Harold Liu , Lanqing Hong , Qiang Xu

Risk-based authentication (RBA) is used in online services to protect user accounts from unauthorized takeover. RBA commonly uses contextual features that indicate a suspicious login attempt when the characteristic attributes of the login…

Cryptography and Security · Computer Science 2024-03-19 Andre Büttner , Andreas Thue Pedersen , Stephan Wiefling , Nils Gruschka , Luigi Lo Iacono

Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones,…

Cryptography and Security · Computer Science 2020-10-02 Stephan Wiefling , Markus Dürmuth , Luigi Lo Iacono

Encrypted cloud storage services are steadily increasing in popularity, with many commercial solutions currently available. In such solutions, the cloud storage is trusted for data availability, but not for confidentiality. Additionally,…

Cryptography and Security · Computer Science 2020-10-28 Anders Dalskov , Daniele Lain , Enis Ulqinaku , Kari Kostiainen , Srdjan Capkun