• DocumentCode
    599423
  • Title
    On the security and usability of dual credential authentication in UK online banking
  • Author
    Just, M. ; Aspinall, D.
  • Author_Institution
    Glasgow Caledonian Univ., Glasgow, UK
  • fYear
    2012
  • fDate
    10-12 Dec. 2012
  • Firstpage
    259
  • Lastpage
    264
  • Abstract
    This paper presents the results of a security and usability review of the authentication implementations used by more than 10 UK banks. Our focus is on their use of dual text credentials that combine two passwords, PINs, or challenge questions (and some “partial selection” variations). We model the authentication protocols based upon several deployment choices, such as the credential rules, and use the model to compare the security and usability properties of the implementations. Our results indicate some variation and inconsistency across the UK banking industry, from which we offer some suggestions for improved authentication protocol design.
  • Keywords
    bank data processing; cryptographic protocols; human computer interaction; message authentication; PIN; UK banking industry; UK online banking; authentication protocol design improvement; challenge questions; credential rules; dual credential authentication security; dual credential authentication usability; dual text credentials; partial selection variations; passwords; security properties; usability properties; Additives; Authentication; Internet; Pins; Protocols; Usability; Authentication; security; usability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Technology And Secured Transactions, 2012 International Conference for
  • Conference_Location
    London
  • Print_ISBN
    978-1-4673-5325-0
  • Type
    conf
  • Filename
    6470955