Alternative Graphical Authentication for Online Banking Environments |
Many financial institutes tend to implement a secure authentication mechanism through the utilization of the One-Time-Password (OTP) technique. The use of a hardware security token to generate the required OTP has been widespread. Despite the fact that this method provides a fairly high level of security, many systems have not taken into consideration the need for a secure alternative login method whenever the hardware token is unavailable. This paper discusses the authentication issues associated with current e-banking login implementations when the hardware security token is unavailable. The study was supported by a user survey to realize the constraints confronting the user while logging in to their online banking system. The result showed that many online banking users had multiple accounts and found carrying around several security tokens is inconvenience. Moreover, high proportion of the users had confidently accepted the concept of one-time graphical password as an alternative means of authentication. Therefore, a potential solution has been introduced along with a conceptual discussion. The proposal aims to consolidate several authentication mechanisms to unite their various advantages into one robust authentication system with consideration of usability. The composite mechanism comprises of a One-Time-Password combined with graphic-based authentication techniques.
Alsaiari H, Papadaki M, Haskell-Dowland PS (Dowland PS), Furnell SM