TY - JOUR
T1 - Enhancing the security of FinTech applications with map-based graphical password authentication
AU - Meng, Weizhi
AU - Zhu, L.
AU - Li, Wenjuan
AU - Han, Jinguang
AU - Li, Yan
N1 - Funding Information:
The authors would like to thank all participants for their hard work and cooperation in the user study. Weizhi Meng was partially supported by H2020 - CyberSec4Europe under the No. 830929.
Publisher Copyright:
© 2019 Elsevier B.V.
PY - 2019/12
Y1 - 2019/12
AB - With the rapid development of information technology (IT) in financial industry, financial technology (FinTech) has become an emerging area for enterprises and organizations. Due to the wide adoption of IT, various FinTech applications are used by financial industry to help process information and offer financial services. Traditionally, textual passwords are the most widely deployed authentication mechanism, while having many known limitations. As a result, there is a need to enhance the security of FinTech authentication against cyber-criminals. As an alternative, graphical passwords (GPs) are considered as one promising solution to complement traditional password-based systems. In the literature, various GP schemes were proposed such as PassPoints, DAS, Cued Click Points, GeoPass, etc. In this work, we identify that multiple password inference has become a challenge for most GP schemes, and thus design RouteMap, a map- and route-based GP to further improve the security of FinTech applications. This scheme requires users to create a route on a world map as their credentials. In the evaluation, we involved a total of 120 participants, among which 60 of them have financial (FinTech) background, and investigated the performance of RouteMap by comparing it with two similar schemes. Our results demonstrate that participants can achieve better performance using RouteMap in the aspects of both authentication accuracy and multiple password memory. Our effort attempts to complement existing studies and stimulate more research on the combination of GP and FinTech.
KW - FinTech application
KW - Graphical passwords
KW - Map passwords
KW - Multiple password inference
KW - Security and usability
KW - User authentication
UR - http://www.scopus.com/inward/record.url?scp=85069833628&partnerID=8YFLogxK
U2 - 10.1016/j.future.2019.07.038
DO - 10.1016/j.future.2019.07.038
M3 - Journal article
AN - SCOPUS:85069833628
SN - 0167-739X
VL - 101
SP - 1018
EP - 1027
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -