Review on Multi-Factor Authentication (MFA) Sources and Operation Challenges


Rahul Neware, Urmila Shrawankar, Pranay Mangulkar, Sushil Khune
Copyright: © 2020 |Pages: 15
DOI: 10.4018/IJSST.2020070104

In recent years, with the mushrooming of internet-enabled mobile devices, there has been a corresponding increase in information and data being transmitted and received. This development has raised concerns about security and one of the crucial components associated with it: authentication. With a wide variety of services and communication being executed online nowadays, user authentication has come to encompass diverse fields, from online bill payments, management of entry, or access rights to vital correspondence, and much more. This paper looks at what authentication is and traces its checkered evolution, from its earliest simple single-factor version, then growing into two-factor mode and finally morphing into multi-factor (MFA) authentication. Now MFA, incorporating biometrics, is gaining widespread acceptance across numerous fields, mainly because it is dependable, quick, user-friendly, and ensures advanced safety and security. This paper, in addition to reviewing some sophisticated and potential MFA sources, also briefly dwells on the different ways MFA is being integrated.

1. Introduction

The past few years have witnessed a virtual explosion in Internet-connected smart devices around the world, and with this exponential increase there has been a corresponding swell in information and data being transmitted (Wei et al. 2014). Naturally, all this has given rise to growing concerns about security and one of the core issues aligned with it: authentication. In computing parlance, authentication is simply the process of establishing a user’s identity. It is the mechanism of associating an incoming request with a set of identifying credentials held on file in a database of authorised users’ information, either on a local operating system or within an authentication server (Katz & Lindell, 2007).

Authentication itself has witnessed a chequered evolution. In 1981, Lamport (1981) first introduced what became the traditional form of user authentication, which blends the identity, username and password (or a PIN) to confirm ownership of the user ID. This came to be termed the single-factor authentication protocol (Wang et al. 2007). As it turned out, though, this protocol proved to be the weakest method of authentication (Dasgupta, Roy, & Nag, 2016; Bonneau et al. 2015). For instance, if the password is shared, the account is at once compromised. Secondly, since a user-chosen password is generally relatively short and not random, it can easily be guessed through dictionary and peeking attacks (Das, 2011), rainbow tables (Ah Kioon, Wang, & Deb Das, 2013), or social engineering techniques (Heartfield & Loukas, 2015). To make this form of authentication a little stronger, it was suggested that passwords of a more complex nature be used (Danny, 2017). In any case, it was soon realised that, on the global scale (Danny, 2017), establishing the credentials of the sender through this method was totally inadequate.

Consequently, two-factor authentication was introduced (Petsas, Tsirantonakis, Athanasopoulos, & Ioannidis, 2015; Wang, He, Wang, & Chu, 2015). Two-factor authentication provides increased security: one factor is a known element such as a password, and the other is something owned (Wang & Chu, 2015), such as a smart card, token or phone (Harini & Padmanabhan, 2013). Nowadays, three kinds of elements are recognised that can link a user with a set of credentials (Scheidt & Domangue, 2006): 1) something the user knows, such as a password; 2) something the user has, such as cards, tokens or smartphones; and 3) something the user is intrinsically, such as a behaviour pattern or biometric data. The two-factor authentication solution was, in fact, introduced with the specific aim of accomplishing certain security aims. But there is a downside. Since two-factor authentication relies solely on, say, a password and a smart card, the solution is rendered unsafe and insecure in the event of the smart card being compromised (Aloul, Zahidi, & El-Hajj, 2009).

Finally, in view of the scourge of multiple attacks, intrusions and unauthorised access, an enhanced security method in the form of Multifactor Authentication (MFA) emerged. MFA is simply a security protocol that mandates more than one method of authentication, drawn from separate categories of credentials, to verify a user’s identity for a transaction or login (Frank, Biedert, Ma, Martinovic, & Song, 2013). MFA was designed to offer an enhanced degree of safety and ensure continuous protection of devices and crucial services against attacks or unauthorised intrusions.
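The "separate categories" requirement above, as an added example that is not code from the paper: a verifier that counts distinct factor categories, so a password plus a PIN (both knowledge factors) does not pass as multi-factor. The factor names, the enrolment record layout and the choice of PBKDF2 and RFC 6238 TOTP as the concrete mechanisms are assumptions made for illustration.

```python
import hashlib, hmac, struct

# Factor categories named in the text: knowledge, possession, inherence.
CATEGORY = {"password": "knowledge", "pin": "knowledge",
            "totp": "possession", "fingerprint": "inherence"}

def hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest for a knowledge factor (password or PIN)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def totp(key: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1)."""
    mac = hmac.new(key, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(kind: str, presented: str, record: dict, now: int) -> bool:
    """Check one presented factor against the enrolled record."""
    if kind not in record:
        return False
    if kind in ("password", "pin"):
        salt, digest = record[kind]
        return hmac.compare_digest(hash_secret(presented, salt), digest)
    if kind == "totp":
        # Accept the previous and current time step to tolerate clock skew.
        return any(hmac.compare_digest(totp(record["totp"], now + d), presented)
                   for d in (-30, 0))
    return False  # inherence (biometric) matching is not modelled here

def authenticate(presented: dict, record: dict, now: int, required: int = 2) -> bool:
    """Grant access only if verified factors span `required` distinct categories."""
    verified = {CATEGORY[k] for k, v in presented.items()
                if k in CATEGORY and verify(k, v, record, now)}
    return len(verified) >= required

# Constructed enrolment record (sample values, not from the paper).
SALT = b"constructed-salt"
RECORD = {"password": (SALT, hash_secret("correct horse", SALT)),
          "pin": (SALT, hash_secret("4921", SALT)),
          "totp": b"12345678901234567890"}  # RFC 6238 test key
```

Counting categories rather than credentials is what separates MFA from simply asking for two secrets of the same kind.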
