Assessing usable security of multifactor authentication

Althobaiti, Maha (2016) Assessing usable security of multifactor authentication. Doctoral thesis, University of East Anglia.

[thumbnail of MahaAlthobaiti.pdf]
Download (4MB) | Preview


An authentication mechanism is a security service that establishes the difference between authorised and unauthorised users. When used as part of certain website processes such as online banking, it provides users with greater safety and protection against service attacks and intruders. For an e-banking website to be considered effective, it should provide a usable and secure authentication mechanism. Despite existing research on usability and security domains, there is a lack of research on synthesising the contributions of usable security and evaluating multifactor authentication methods. Without understanding the usability and security of authentication mechanisms, the authenticating process is likely to become cumbersome and insecure. This negatively affects a goal of the authentication process, convenience for the user.
This thesis sought to investigate the usability and security of multifactor authentication and filled an important gap in the development of authenticating processes. It concentrated on users’ perspectives, which are crucial for the deployment of an authenticating process.
To achieve the thesis goal, a systematic series of three studies has been conducted. First, an exploratory study was used to investigate the current state of the art of using multifactor authentication and to evaluate the usability and security of these methods. The study involved a survey of 614 e-banking users, who were selected because they were likely long-term users of online banking and they had two different bank accounts, a Saudi account and a foreign account (most foreign accounts were British). The study indicated that multifactor authentication has been widely adopted in e-banking in Saudi Arabia and the United Kingdom, with high levels of security and trustworthiness as compared to single factor authentication.
The second study was a descriptive study of the most common authentication methods. This study aimed to learn more about commonly used methods that were identified in the previous study and sought to propose an appropriate combination of authentication methods to be evaluated in the third study. The third study was an experimental study with 100 users to evaluate the usable security of three different multifactor authentication methods: finger print, secure device and card reader. A web based system was designed specifically for this study to simulate an original UK e-banking website. One of the main contribution of this study was that the system allowed users to choose their preferred authentication method. Moreover, the study contributed to the field of usable security by proposing security evaluation criteria based on users’ awareness of security warnings. The key result obtained indicated that fingerprinting was the most usable and secure method. Additionally, the users’ level of understanding security warnings was very low, as shown by their reaction to the security indicators presented during the experiment.

Item Type: Thesis (Doctoral)
Faculty \ School: Faculty of Science > School of Computing Sciences
Depositing User: Jackie Webb
Date Deposited: 30 Nov 2016 10:01
Last Modified: 30 Nov 2016 10:01


Downloads per month over past year

Actions (login required)

View Item View Item