Knowledge based Authentication Techniques and Challenges

Knowledge-based Authentication (KBA) is an authentication approach that verifies a user's identity when accessing services such as financial websites. KBA requests specific information to prove the personal identity of the owner. This paper discusses the challenges faced by KBA techniques. Memorability is the main obstacle in KBA, since users try to use simple passwords or reuse the same password across various services, which causes problems with compliance with security policies. Furthermore, the technique of mixing username and password is considered another important challenge of KBA because of its recall-based authentication. The discussion includes a comparative analysis of KBA techniques based on trade-off criteria to support decision making. The results of this study can support organizations in the process of recommending a suitable KBA technique.
