References
- G. D. Williamson, "Enhanced Authentication in Online Banking," Journal of Economic Crime Management, vol. 4, no. 2, pp. 1-42, 2006.
- M. Johnson, "A New Approach to Internet Banking," University of Cambridge Computer Laboratory, Cambridge, UK, 2008.
- Y. Espelid, L.-H. Netland, A. N. Klingsheim and K. J. Hole, "A Proof of Concept Attack against Norwegian Internet Banking Systems," Financial Cryptography and Data Security, pp. 197-201, 2008.
- D. Stebila, P. Udupi and S. Chang, "Multi-Factor Password Authenticated Key Exchange," in Proc. of the 8th Australasian Conference on Information Security, pp. 55-66, 2010.
- F. Aloul, S. Zahidi and W. El-Hajj, "Two Factor Authentication using Mobile Phones," in Proc. of the IEEE International Conference on Computer Systems and Applications, pp. 641-644, 2009.
- D. v. Thanh, I. Jrstad, T. Jonvik and D. v. Thaun, "Strong Authentication with Mobile Phone as Security Token," in Proc. of the 6th IEEE International Conference on Mobile Adhoc and Sensor Systems, pp. 777-782, 2009.
- M. Marlinspkie, New Tricks for Defeating SSL in Practice, BlackHat Conference, 2009.
- D. Emm, M. Garnaeva, R. Unuchek, D. Makrushin and A. Ivanov, "IT Threat Evolution in Q3 2015," Kaspersky Lab, Moscow, Russia Federation, 2015.
- K. C. Park, J. W. Shin and B. G. Lee, "Analysis of Authentication Methods for Smartphone Banking Service using ANP," KSII Transactions on Internet and Information Systems, vol. 8, no. 6, pp. 2087-2103, 2014. https://doi.org/10.3837/tiis.2014.06.016
- The Telegraph, "BoE Cyber Attack Exercise Shows Banks Unprepared," 2014. [Online]. Available: http://www.telegraph.co.uk/finance/bank-of-england/10620937/BoE-cyber-attackexercise-shows-banks-unprepared.html. [Accessed April 2016].
- A. Hiltgen, T. Kramp and T. Weigold, "Secure Internet Banking Authentication," IEEE Security and Privacy, pp. 21-29, March - April 2006.
- Y. Desmedt, I. Karaolis, M. Adham and A. Sadr-Azodi, "How to Attack Two-Factor Authentication Internet Banking," in Proc. of the 17th International Conference on Financial Cryptography and Data Security, pp. 322-328, 2013.
- B. Schneier, "Two-Factor Authentication: Too Little, Too Late," Communications of the ACM, vol. 48, no. 4, p. 136, April 2005. https://doi.org/10.1145/1053291.1053327
- M. Mannan and P. C. V. Oorschot, "Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer," in Proc. of the 11th International Conference on Financial Cryptography and 1st International Conference on Usable Security, Scarborough, Trinidad and Tobago, pp. 88-103, 2007.
- R. Rittenhouse and J. A. Chaudhry, "A Survey of Alternative Authentication Methods," in Proc. of the 2015 International Conference on Recent Advances in Computer Systems, Saudi Arabia, pp. 179-182, 2015.
- A. M. Hagalisletto and A. Riiber, "Using the mobile phone in two-factor authentication," in Proc. of the 1st International Workshop on Security for Spontaneous Interaction, Innsbruck, Austria, 2007.
- R. D. Pietro, G. Me and M. A. Stangio, "A Two-Factor Mobile Authentication Scheme for Secure Financial Transactions," in Proc. of the International Conference on Mobile Business, Sydney, Australia, 2005.
- D. Wang, N. Wang, P. Wang and S. Qing, "Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity," Information Sciences, vol. 321, pp. 162-178, 2015. https://doi.org/10.1016/j.ins.2015.03.070
- B. Adida, "Beamauth: Two-Factor Web Authentication with a Bookmark," in Proc. of the ACM Conference on Computer and Communications Security, Alexandria, VA, USA, pp. 48-57, 2007.
- A. P. Sabzevar and A. Stavrou, "Universal Multi-Factor Authentication Using Graphical Passwords," in Proc. of the IEEE International Conference on Signal Image Technology and Internet Based Systems, Bali, Indonesia, pp. 625-632, 2008.
- K. Najan, P. Ragava, A. Sawant and S. Madchane, "Image Steganography, Compression and Image Morphing for Banking Website," International Journal for Innovative Research in Science and Technology, vol. 2, no. 10, pp. 56-58, 2016.
- S. Mahitthiburin and S. Boonkrong, "Improving Security with Two-Factor Authentication using Image," KMUTNB: International Journal of Applied Science and Technology, vol. 8, no. 1, pp. 33-43, January-March 2015.
- K. M. Apampa, T. Zhang, G. B. Wills and D. Argles, "Ensuring Privacy of Biometric Factors in Multi-Factor Authentication Systems," in Proc. of the International Conference on Security and Cryptography, Porto, Portugal, 2008.
- H. Al-Assam, H. Sallahewa and S. Jassim, "On Security of Multi-Factor Biometric Authentication," in Proc. of the International Conference for Internet Technology and Secured Transactions, London, UK, 2010.
- L. T. Premakumari and A. S. Jothi, "Multimodal Biometric Endorsement for Secure Internet Banking using Skin Spectroscopy, Knuckles Texture and Finger Nail Recognition," International Research Journal of Engineering and Technology, vol. 3, no. 2, pp. 1086-1090, 2016.
- M. Al-Fairuz and K. Renaud, "Multi-channel, Multi-level Authentication for More Secure eBanking," in Proc. of the International Conference on Information Security for South Africa, 2010.
- X. Huang, Y. Xiang, E. Bertino, J. Zhou and L. Xu, "Robust Multi-Factor Authentication for Fragile Communications," IEEE Transactions on Dependable and Secure Computing, vol. 11, no. 6, pp. 568-581, November-December 2014. https://doi.org/10.1109/TDSC.2013.2297110
- C. W. Crannel and J. M. Parrish, "A Comparison of Immediate Memory Span for Digits, Letters and Words," The Journal of Psychology, vol. 44, pp. 319-327, 1957. https://doi.org/10.1080/00223980.1957.9713089
- W. Ma, J. Campbell, D. Tran and D. Kleeman, "Password Entropy and Password Quality," in Proc. of the 4th International Conference on Network and System Security (NSS), pp. 583-587, 2010.
- S. Boonkrong, "Security of Passwords," Journal of Information Technology, vol. 8, no. 2, pp. 112-117, July - December 2012.
- Information Technology Laboratory, "Secure Hash Standard (SHS)," 2012.
- L. Gong, R. Noodham and R. Yahalom, "Reasoning about Belief in Cryptographic Protocols," in Proc. of the 1990 IEEE Symposium on Research in Security and Privacy, Oakland, California, USA, pp. 234-248, 1990.
- R. B. Miller, "Response Time in Man-computer Conversational Transactions," in Proc. of the December 9-11, 1968, Fall Joint Computer Conference, Part I, San Francisco, California, pp. 267-277, 1968.
- OWASP, "Testing Multiple Factors Authentication (OWASP-AT-009)," [Online]. Available: https://www.owasp.org/index.php/Testing_Multiple_Factors_Authentication_(OWASP-AT-009). [Accessed July 2014].
- N. Usavapipatkul, K. Yochanang and S. Boonkrong, "Authentication by One-Time Password using the Solution of Random Numeric and Simple Calculation," in Proc. of the 8th National Conference on Computing and Information Technology, Chonburi, Thailand, pp. 303-310, 2012.
- K.-P. Yee and K. Sitaker, "Passpet: Convenient Password Management and Phishing Protection," in Proc. of the Second Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, USA, pp. 32-43, 2006.
- S. Gaw and E. W. Felton, "Password Management Strategies for Online Accounts," in Proc. of the Second Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, USA, pp. 44-55, 2006.
- D. Wang and P. Wang, "Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound," IEEE Transactions on Dependable and Secure Computing, vol. PP, no. 99, 2016.
- E. Rescorla and B. Korver, "RFC 2552: Guidelines for Writing RFC Text on Security Considerations," IETF, 2003.