Online citations, reference lists, and bibliographies.

A Survey On Multi-factor Authentication For Online Banking In The Wild

F. Sinigaglia, R. Carbone, Gabriele Costa, Nicola Zannone
Published 2020 · Computer Science

Cite This
Download PDF
Analyze on Scholarcy
Abstract In recent years, the usage of online banking services has considerably increased. To protect the sensitive resources managed by these services against attackers, banks have started adopting Multi-Factor Authentication (MFA). To date, a variety of MFA solutions have been implemented by banks, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA solutions, but their influence on existing MFA implementations remains unclear. In this work, we present a latitudinal study on the adoption of MFA and the design choices made by banks operating in different countries. In particular, we evaluate the MFA solutions currently adopted in the banking sector in terms of (i) compliance with laws and best practices, (ii) robustness against attacks and (iii) complexity. We also investigate possible correlations between these criteria. Based on this study, we identify a number of lessons learned and open challenges.
This paper references
Strong Authentication for e-Banking: A Survey on European Regulations and Implementations
Federico Sinigaglia (2017)
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
G. Lowe (1996)
Two-Factor or not Two-Factor? A Comparative Usability Study of Two-Factor Authentication
Emiliano De Cristofaro (2013)
Data security and multi-factor authentication: Analysis of requirements under EU law and in selected EU Member States
E. Kennedy (2016)
Formal Modeling and Automatic Security Analysis of Two-Factor and Two-Channel Authentication Protocols
Alessandro Armando (2013)
"They brought in the horrible key ring thing!" Analysing the Usability of Two-Factor Authentication in UK Online Banking
K. Krol (2015)
Security Analysis of Mobile Two-Factor Authentication Schemes
A. Dmitrienko (2014)
On App-based Matrix Code Authentication in Online Banking
Vincent Haupert (2018)
The WEKA data mining software: an update
M. Hall (2009)
User perceptions of security, convenience and usability for ebanking authentication tokens
Catherine S. Weir (2009)
SUS - A quick and dirty usability scale
J. Brooke (2006)
Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience
Giada Sciarretta (2018)
Applied statistics for the behavioral sciences
D. Hinkle (1979)
Usable security: User preferences for authentication methods in eBanking and the effects of experience
Catherine S. Weir (2010)
The Case for Mobile Two-Factor Authentication
Dimitri do B. DeFigueiredo (2011)
Security Analysis of a Multi-factor Authenticated Key Exchange Protocol
Feng Hao (2012)
Internet Banking: Developments and Prospects
K. Furst (2000)
A Survey of Authentication and Communications Security in Online Banking
Sven Kiljan (2016)

This paper is referenced by
Semantic Scholar Logo Some data provided by SemanticScholar