Biometric Authentication in M-Payments : Analysing and improving end-users’ acceptability

Porubsky, Jakub

January 2020

Traditional authentication methods like Personal Identification Number (PIN) are getting obsolete and insecure for electronic-payments while mobile-payments are becoming more and more popular. Biometrics such as fingerprint and face recognition authentication methods seem to be a solution to this security issue as they are becoming a regular and integrated part of an average smartphone end-users purchase. However, for mobile-payments to be authenticated by biometrics, end-users acceptability of both technologies must be high. In this research, fingerprint and face recognition authentication methods are being tested with end-users and their current acceptability level is being determined based on interviews which are conducted upon finishing each testing scenario. The interview is using 39 questions which are determining previous usage of the technologies, their likeability, positives, negatives, and feelings about various features biometrics provide such as ease-of-use, stress-free method of payment, security, and many others. Additionally, one more authentication method is tested, namely two factor authentication consisting of one biometric method (fingerprint) and one traditional method (PIN) of authentication. The main goal for testing this method is to find out whether implementing (as currently it is not available) such technology into mobile-payments would be beneficial and how it scored in user-acceptance next to fingerprint and face recognition authentication methods. Once the user-acceptance level is determined the main reasons for it are presented. Last but not least, suggestions for improvements in this domain are presented so that biometrics are even more accepted by end-users who are performing mobile-payments on their smartphones.

mobile payments

m-payments

biometrics

fingerprint

face recognition

2FA

Computer Systems

Datorsystem

Masquerader Detection via 2fa Honeytokens

Wiklund, Anton

January 2021

Detection of insider threats is vital within cybersecurity. Techniques for detection include honeytokens, which most often are resources that, through deception, seek to expose intruders. One kind of insider that is detectable via honeytokens is the masquerader. This project proposes implementing a masquerader detection technique where honeytokens are placed within users’ filesystems in such a way that they also provide Two Factor Authentication(2fa) functionality. If a user’s second factor – the honeytoken –is not accessed within a specified timeframe after login, this indicates a potential intrusion, and only a “fake” filesystem will remain available. An alert is also triggered. The intention is to deter insiders from masquerading since they are aware that they must access a uniquely located honeytokena fter logging in to the legitimate user’s account. The technique was evaluated via user-testing that included interviews, a checklist with requirements for feasibility, and a cyber-security expert’s opinion on the technique’s feasibility. The main question evaluated during the project was the feasibility of adding the proposed technique to a computer system’s protective capabilities. The results of the project indicated that the proposed technique is feasible. The project’s results were also compared with the results of prior related research. The project’s scope was limited to a Linux system accessed via SSH into a Bash terminal(non-GUI-compatible), and the implemented technique was also evaluated within such an environment.

Cyber security deception

two-factor authentication(2fa)

honeytoken

misinformation

intrusion detection

Other Engineering and Technologies

Annan teknik

Managing Two-Factor Authentication Setup Through Password Managers

Dutson, Jonathan William

09 April 2020

Two-factor authentication (2FA) provides online accounts with protection against remote account compromise. Despite the security benefits, adoption of 2FA has remained low, in part due to poor usability. We explore the possibility of improving the usability of the 2FA setup process by providing setup automation through password managers. We create a proof-of-concept KeePass (a popular password manager) extension that adds browser-based automation to the 2FA setup process and conduct a 30-participant within-subjects user study to measure user perceptions about the system. Our system is found to be significantly more usable than the current manual method of 2FA setup for multiple online accounts, with our system receiving an average SUS score of ‘A’ while the manual setup method received an average score of ‘D’. We conduct a meta-analysis of some of the most common methods of 2FA used by websites today and propose a web API that could increase the speed, ease, and scalability of 2FA setup automation. Our threat analysis suggests that using password managers for 2FA automation can be implemented without introducing significant security risks to the process. The promising results from our user study and analysis indicate that password managers have strong potential for improving the usability of 2FA setup.

security

usable security

two-factor authentication

2FA

password managers

automation

usability

Physical Sciences and Mathematics

Digital säkerhet över generationsgränser / Digital security across generations

Lööf, David

January 2023

Denna studie undersöker användningen av tvåfaktorautentisering och utforskar motiveringarna för att använda eller inte använda tvåfaktorautentisering, skillnaderna i åsikter mellan olika åldersgrupper, samt möjliga förenklingar för att öka användningen av 2FA. Studien genomfördes med en kvalitativ metod i Västra Götalandsregionen, där semi-strukturerade intervjuer genomfördes med deltagare i åldersgrupperna 28–35 och 63–70. Resultaten av studien tyder på att det finns både unika och gemensamma upplevelser av tvåfaktorautentisering och säkerhetsbeteende bland deltagarna, samt möjliga områden för förbättring i design och implementering av tvåfaktorautentisering system.

2FA

vuxna

äldre vuxna

cybersäkerhet

Information Systems, Social aspects

Usability-Driven Security Enhancements in Person-to-Person Communication

Yadav, Tarun Kumar

01 February 2024

In the contemporary digital landscape, ensuring secure communication amid widespread data exchange is imperative. This dissertation focuses on enhancing the security and privacy of end-to-end encryption (E2EE) applications while maintaining or improving usability. The dissertation first investigates and proposes improvements in two areas of existing E2EE applications: countering man-in-the-middle and impersonation attacks through automated key verification and studying user perceptions of cryptographic deniability. Insights from privacy-conscious users reveal concerns about the lack of E2EE support, app siloing, and data accessibility by client apps. To address these issues, we propose an innovative user-controlled encryption system, enabling encryption before data reaches the client app. Finally, the dissertation evaluates local threats in the FIDO2 protocol and devises defenses against these risks. Additionally, it explores streamlining FIDO2 authentication management across multiple websites for user convenience and security.

FIDO2

End-to-end encryption

E2EE

Application-independent encryption

2FA

Signal

Secure messaging

MITM attacks

Authentication

Physical Sciences and Mathematics

What are the motivations and barriers for incorporating multi-factor authentication among IT students?

Henriksson, Adam

January 2022

The need for greater account security has grown as the globe has become more digitally connected. One of the solutions available today is multi-factor authentication, which enables users to add additional authentication factors to secure their accounts. However, multi-factor authentication has not become widespread in organisations due to a lack of user accessibility and knowledge of the subject's importance. This study aimed to identify possible motivations and barriers to adopting multi-factor authentication from students at the University of Skövde to motivate possible improvements in the education and tools of multi-factor authentication. Ten students from the Network and system administration program at the University of Skövde were interviewed in the spring of 2022. The answers received were analysed qualitatively with thematic analysis. The results from the analysed answers formed a theme named ‘NSA students consider themselves secure’ derived from the three categories found during the coding. All students were familiar with multi-factor authentication and its importance for account security. Despite this, not all the students used it for their private accounts, stating that they considered it inconvenient and not required. The students who used multi-factor authentication did not use it for every account they owned, instead opting to secure important services like email, social media and crypto-wallets. Based on the results, improvements regarding usability in authenticator applications and teaching users about the cybersecurity risks and advantages of utilising MFA may increase its adoption rate. / <p>Adam Lasu Henriksson</p>

IT

Cybersecurity

Information security

MFA

2FA

Information Systems

Learning

Lärande

Information Systems, Social aspects