9 research outputs found

    Leveraging bluetooth as a second factor in two-factor authentication

    Passwords have been the dominant single-factor authentication method for decades but are no longer sufficient to validate a user's identity. The simplistic nature of passwords perpetuates their existence and makes them an easy attack vector. However, Two-Factor Authentication (2FA) augments passwords and adds a layer of security. Although 2FA has the potential to increase security, traditional second factors require user interaction at every login attempt, which may contribute to slow adaptation. Traditional second factors drastically alter the user authentication experience and typically require the user to navigate away from the login screen. Therefore, we present a new second-factor method that leverages Bluetooth technology called Ambient-Discovery. Our protocol is designed to provide security assurances comparable to or greater than the traditional second factors while keeping the user experience the same as password-based authentication. There is no user interaction, as the second factor restricts communication between a mobile application and a computer browser. Therefore, Ambient-Discovery provides an additional layer of security while limiting user interaction.

    Design, implementation and analysis of a theft-resistant password manager based on Kamouflage architecture

    Master's thesis in information and communication technology - Universitetet i Agder, 2015. As a solution for helping companies and users in the constant security dilemma of obtaining and using passwords in the securest ways possible, password managers have become custom around the globe. The design architecture on which development of password managers is based, preserving authenticity, usability and reliability, are principles that keep systems secure and defend against attacks or unfortunate circumstances. The design principles, however, have changed little over time. After researching password managers and analyzing overall security, we use our findings to develop a design based on the implementation of decoys, customized for Android. This development was inspired by a paper named "Kamouflage: Loss-Resistant Password Management" [27].

    A Study of Two-Channel Multi-Factor User Authentication Methods

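    This paper discusses the problems of user authentication technology on the Internet, proposes solutions, and outlines a commercialized system. In recent years, two-channel authentication methods, which send an identification code over a separate channel such as the telephone network, have become widespread, but they have had problems of vulnerability to social engineering, theft, malware, man-in-the-middle attacks and the like, as well as problems such as repudiation by users. The proposed methods are (1) a method that conveys a telephone number that changes every time by means of a one-ring call, to which a callback is then made; (2) a method, limited to within Japan or similar, based on caller-ID authentication, voice-guidance confirmation and voiceprint verification; and (3) a method that conveys a telephone number that changes every time by SMS and relies on a recorded oath or a voiceprint challenge-response. We show that these methods can solve the problems above. University of Electro-Communications, 201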

    An Experimental Study on the Role of Password Strength and Cognitive Load on Employee Productivity

    The proliferation of information systems (IS) over the past decades has increased the demand for system authentication. While the majority of system authentications are password-based, it is well documented that passwords have significant limitations. To address this issue, companies have been placing increased requirements on the user to ensure their passwords are more complex and consequently stronger. In addition to meeting a certain complexity threshold, the password must also be changed on a regular basis. As the cognitive load increases on the employees using complex passwords and changing them often, they may have difficulty recalling their passwords. As such, the focus of this experimental study was to determine the effects of raising the cognitive load of the authentication strength for users upon accessing a system via increased strength for password requirements. This experimental research uncovered the point at which raising the authentication strength for passwords becomes counterproductive by its impact on end-user performances. To investigate the effects of changing the cognitive load (via different password strength) over time, a quasi-experiment was proposed. Data was collected in an effort to analyze the number of failed operating system (OS) logon attempts, users' average logon times, average task completion times, and number of requests for assistance (unlock & reset account). Data was also collected for the above relationships when controlled for computer experience, age, and gender. This quasi-experiment included two experimental groups (Group A & B), and a control group (Group C). There was a total of 72 participants from the three groups. Additionally, a pretest-posttest experiment survey was administered before and after the quasi-experiment. Such assessment was done in an effort to see if users' perceptions of password use would be changed by participating in this experimental study.
The results indicated a significant difference between the users' perceptions about passwords before and after the quasi-experiment. The Multivariate Analysis of Variance (MANOVA) and Multivariate Analysis of Covariance (MANCOVA) tests were conducted. The results revealed a significant difference in the number of failed logon attempts, average logon times, average task completion, and amount of requests for assistance between the three groups (two treatment groups & the control group). However, no significant differences were observed when controlling for computer experience, age, and gender. This research study contributed to the body of knowledge and has implications for industry as well as for further study in the information systems domain. It contributed by giving insight into the point at which an increase of the cognitive load (via different password strengths) becomes counterproductive to the organization by causing an increase in number of failed OS logon attempts, users' average logon times, average task completion times, and number of requests for assistance (unlock and reset account). Future studies may be conducted in the industry as results may differ from college students.