Leveraging autobiographical memory for two-factor online authentication

Mahdi Nasrullah Al-Ameen (Department of Computer Science and Engineering, The University of Texas at Arlington, Arlington, Texas, USA)
S.M. Taiabul Haque (School of Computer Science and Mathematics, University of Central Missouri, Warrensburg, Missouri, USA)
Matthew Wright (Department of Computer Science and Engineering, University of Texas at Arlington, Arlington, Texas, USA)

Information and Computer Security

ISSN: 2056-4961

Publication date: 10 October 2016

Abstract

Purpose

Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.

Design/methodology/approach

The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.

Findings

In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.

Originality/value

The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.

Keywords

Citation

Al-Ameen, M., Haque, S. and Wright, M. (2016), "Leveraging autobiographical memory for two-factor online authentication", Information and Computer Security, Vol. 24 No. 4, pp. 386-399. https://doi.org/10.1108/ICS-01-2016-0005

Download as .RIS

Publisher

:

Emerald Group Publishing Limited

Copyright © 2016, Emerald Group Publishing Limited

Please note you might not have access to this content

You may be able to access this content by login via Shibboleth, Open Athens or with your Emerald account.
If you would like to contact us about accessing this content, click the button and fill out the form.
To rent this content from Deepdyve, please click the button.