On the security and usability of dual credential authentication in UK online banking

Mike Just, David Aspinall

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    This paper presents the results of a security and usability review of the authentication implementations used by more than 10 UK banks. Our focus is on their use of dual text credentials that combine two passwords, PINs, or challenge questions (and some “partial selection” variations). We model the authentication protocols based upon several deployment choices, such as the credential rules, and use the model to compare the security and usability properties of the implementations. Our results indicate some variation and inconsistency across the UK banking industry, from which we offer some suggestions for improved authentication protocol design.
    Original language: English
    Title of host publication: ICITST 2012
    Subtitle of host publication: Proceedings of the 2012 International Conference for Internet Technology And Secured Transactions
    Publisher: IEEE
    Pages: 259-264
    Number of pages: 6
    ISBN (Print): 9781467353250
    Publication status: Published - 2012

    Keywords

    • usability
    • authentication
    • security

  • Cite this

    Just, M., & Aspinall, D. (2012). On the security and usability of dual credential authentication in UK online banking. In ICITST 2012: Proceedings of the 2012 International Conference for Internet Technology And Secured Transactions (pp. 259-264). IEEE.