Secure and Inclusive Authentication with a Talking Mobile One-time-password Client


  • Journal: IEEE Security and Privacy, vol. 9, p. 27–34, 2011
  • International standard numbers:
    • Print: 1540-7993
    • Electronic: 1558-4046

Cumbersome and complicated authentication procedures to access sensitive online services such as Internet banking can be a nuisance. For people with disabilities or the elderly, poorly designed identity management systems can preclude usage altogether. This article presents a secure and accessible multimodal authentication method to log in to an Internet banking service. The method uses a one-time-password (OTP) client installed on a mobile phone that replaces dedicated OTP generators. The client provides both visual and auditory output, and is based on an application approved for secure log-in to sensitive online services. It allows usage by people whose functional impairments adversely affect their ability to use existing solutions. The authors also discuss implications for development, and make several recommendations for designing usable and accessible security applications and solutions.