Conference: European symposium on research in computer security; International workshop on cryptocurrencies and blockchain technology; International workshop on data privacy management

User Perceptions of Security and Usability of Mobile-Based Single Password Authentication and Two-Factor Authentication


Abstract

Two-factor authentication provides a significant improvement over the security of traditional password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. In this decade, single password authentication (SPA) schemes are introduced to overcome the challenges of traditional password authentication, which is vulnerable to the offline dictionary, phishing, honeypot, and man-in-the-middle attacks. Unlike classical password-based authentication systems, in SPA schemes the user is required to remember only a single password (and a username) for all her accounts, while the password is protected against the aforementioned attacks in a provably secure manner. In this paper, for the first time, we implement the state-of-the-art mobile-based SPA system of Acar et al. (2013) as a prototype and assess its usability in a lab environment where we compare it against two-factor authentication (where, in both cases, in addition to the password, the user needs access to her mobile device). Our study shows that mobile-based SPA is as easy as, but less intimidating and more secure than two-factor authentication, making it a better alternative for online banking type deployments. Based on our study, we conclude with deployment recommendations and further usability study suggestions.
