{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T19:04:14Z","timestamp":1754161454816,"version":"3.41.2"},"reference-count":30,"publisher":"Emerald","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010,6,8]]},"abstract":"\n Purpose<\/jats:title>\n The purpose of this paper is to address some weaknesses in the handling of current multi-factor authentication, suggests some criteria for overcoming these weaknesses and presents a simple proof of concept authentication system.<\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n First, this paper evaluates some of the underlying practices and assumptions in multi-factor authentication systems. Next, the paper assesses the implications of these when compared to a quantitative authentication risk management approach. Based upon these implications this paper next note the requirements for an improved system and detail some related research areas that meet these requirements. Finally, this paper discussed how a system that meets these requirements through the application of that research could provide benefits and outlined a simple points-based authentication system.<\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n The paper proposes that many of the weaknesses in authentication confidence management could be effectively mitigated through the deployment of a factor independent multi-modal fusion quantitative authentication-based system. This paper details a simple point-based approach that does this and discuss how addressing the problems in handling authentication confidence could further optimise risk management in multi-factor authentication systems.<\/jats:p>\n <\/jats:sec>\n \n Practical implications<\/jats:title>\n This paper's suggestions for optimising multi-factor authentication have many implications within medium to high-security commercial and government applications. Correct authentication risk handling enables decisions regarding risk and authentication to be made more accurately.<\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n This implications of the issues discussed in this paper have relevance to anyone who deploys or uses any medium to high-security authentication system. As the bottom end of the medium to high-security range includes online banking, there are implications for a wide range of stakeholders.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/09685221011048355","type":"journal-article","created":{"date-parts":[[2010,6,5]],"date-time":"2010-06-05T07:05:00Z","timestamp":1275721500000},"page":"124-139","source":"Crossref","is-referenced-by-count":1,"title":["Assessing and improving authentication confidence management"],"prefix":"10.1108","volume":"18","author":[{"given":"Michael","family":"Pearce","sequence":"first","affiliation":[{"name":"Department of Computer Science and Software Engineering, University of Canterbury, Christchurch, New Zealand"}]},{"given":"Sherali","family":"Zeadally","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Technology, University of the District of Columbia, Washington, DC, USA"}]},{"given":"Ray","family":"Hunt","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Software Engineering, University of Canterbury, Christchurch, New Zealand"}]}],"member":"140","reference":[{"key":"2025072819513103500_b3","doi-asserted-by":"crossref","unstructured":"Brainard, I.\n , Juels, A., Rivest, R.L., Szydlo, M. and Yung, M. (2006), \u201cFourth-factor authentication: somebody you know\u201d, Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), ACM, New York, USA.","DOI":"10.1145\/1180405.1180427"},{"key":"2025072819513103500_b4","doi-asserted-by":"crossref","unstructured":"Braz, C.\n and Robert, J. (2006), \u201cSecurity and usability: the case of the user authentication methods\u201d, Proceedings of the 18th International Conference of the Association Francophone d'Interaction Homme-Machine, April 18-21, Montreal, Canada, pp. 199-203.","DOI":"10.1145\/1132736.1132768"},{"key":"2025072819513103500_b5","unstructured":"Burr, W.\n , Dodson, D. and Polk, W. (2007), Electronic Authentication Guideline, National Institute of Standards and Technology, Gaithersburg, MD, Special Puiblication 800-63, pp. 800-63."},{"key":"2025072819513103500_b6","unstructured":"Chaowen, C.\n , Yuqiao, W. and Chen, L. (2009), \u201cAnalysis and design of an access control model based on credibility\u201d, Proceedings of the 2009 International Conference on Computer Engineering and Technology \u2013 Volume 01 (ICCET), January, IEEE Computer Society, Washington, DC, USA."},{"issue":"6","key":"2025072819513103500_b7","doi-asserted-by":"crossref","first-page":"674","DOI":"10.1109\/3468.798073","article-title":"Multimodal decision-level fusion for person authentication","volume":"29","author":"Chatzis","year":"1999","journal-title":"IEEE Transactions on Systems. Man and Cybernetics. Part A: Systems Humans"},{"key":"2025072819513103500_b8","unstructured":"Chokhani, S.\n (2004), \u201cKnowledge based authentication (KBA) metrics\u201d, paper presented at KBA Symposium \u2013 Knowledge Based Authentication: Is it Quantifiable?, Gaithersburg, MD."},{"issue":"3","key":"2025072819513103500_b9","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1023\/A:1009700419189","article-title":"Adaptive fraud detection","volume":"1","author":"Fawcett","year":"1997","journal-title":"Data Min. Knowl. Discov."},{"key":"2025072819513103500_b2","unstructured":"ISO\n (2009), Risk Management \u2013 Principles and Guidelines, ISO 31000:2009, International Organisation for Standardization, Geneva."},{"key":"2025072819513103500_b10","doi-asserted-by":"crossref","unstructured":"Irani, D.\n (2008), Evolutionary Study of Phishing eCrime Researchers Summit, Georgia Institute of Technology, Atlanta, GA.","DOI":"10.1109\/ECRIME.2008.4696967"},{"issue":"4","key":"2025072819513103500_b11","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1145\/975817.975820","article-title":"The domino effect of password reuse","volume":"47","author":"Ives","year":"2004","journal-title":"Communications of the ACM"},{"issue":"2","key":"2025072819513103500_b12","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1145\/328236.328110","article-title":"Biometric identification","volume":"43","author":"Jain","year":"2000","journal-title":"Communications of the ACM"},{"key":"2025072819513103500_b14","doi-asserted-by":"crossref","unstructured":"Jaynes, E.T.\n and Bretthorst, G.L. (2003), Probability Theory: The Logic of Science, Cambridge University Press, Cambridge.","DOI":"10.1017\/CBO9780511790423"},{"key":"2025072819513103500_b15","doi-asserted-by":"crossref","unstructured":"Kalka, N.\n , Bartlow, N. and Cukic, B. (2009), \u201cDecision dependability and its application to identity management\u201d, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, ACM, New York, NY, USA.","DOI":"10.1145\/1558607.1558685"},{"key":"2025072819513103500_b16","doi-asserted-by":"crossref","unstructured":"Karaca, K.\n and Levi, A. (2008), \u201cTowards a framework for security analysis of multiple password schemes\u201d, Proceedings of the 1st European Workshop on System Security (EUROSEC '08), ACM, New York, NY, USA.","DOI":"10.1145\/1355284.1355288"},{"issue":"4","key":"2025072819513103500_b17","doi-asserted-by":"crossref","first-page":"867","DOI":"10.1109\/TSMCB.2008.2009071","article-title":"Multimodal biometric system using rank-level fusion approach","volume":"39","author":"Monwar","year":"2009","journal-title":"IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics"},{"key":"2025072819513103500_b18","doi-asserted-by":"crossref","unstructured":"Nenadic, A.\n , Zhang, N., Yao, L. and Morrow, T. (2007), \u201cLevels of authentication assurance: an investigation\u201d, Third International Symposium on Information Assurance and Security (IAS 2007), August 29-31, IEEE, Washington, DC, pp. 155-160.","DOI":"10.1109\/ISIAS.2007.4299767"},{"key":"2025072819513103500_b19","unstructured":"New South Wales Ministry of Transport\n (2009), \u201cProving your identity to the Ministry of Transport\u201d, available at: www.transport.nsw.gov.au\/licensing\/100-point-check.pdf (accessed October 5, 2009)."},{"key":"2025072819513103500_b21","unstructured":"Office of Consumer and Business Affairs, South Australia\n (2009), \u201cProof of identity\u201d, available at: www.ocba.sa.gov.au\/consumeradvice\/idtheft\/identity.html (accessed October 5, 2009)."},{"issue":"12","key":"2025072819513103500_b20","doi-asserted-by":"crossref","first-page":"2021","DOI":"10.1109\/JPROC.2003.819611","article-title":"Comparing passwords, tokens, and biometrics for user authentication","volume":"91","author":"O'Gorman","year":"2003","journal-title":"Proceedings of the IEEE"},{"key":"2025072819513103500_b23","doi-asserted-by":"crossref","unstructured":"Phiri, J.\n and Agbinya, J.I. (2006), \u201cModelling and information fusion in digital identity management systems\u201d, International Conference on Networking, Systems and Mobile Communications and Learning Technologies (ICN\/ICONS\/MCL 2006), April 23-29, IEEE, Washington, DC, pp. 181-181.","DOI":"10.1109\/ICNICONSMCL.2006.152"},{"key":"2025072819513103500_b22","doi-asserted-by":"crossref","unstructured":"Phiri, J.\n and Agbinya, J.I. (2007), \u201cFusion of multi-modal credentials for authentication in digital identity management systems\u201d, The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007), August 27-30, IEEE, Washington, DC, pp. 20-20.","DOI":"10.1109\/AUSWIRELESS.2007.34"},{"key":"2025072819513103500_b24","doi-asserted-by":"crossref","unstructured":"Rodriguez, L.P.\n , Crespo, A.G., Lara, M. and Mezcua, B.R. (2008), \u201cStudy of different fusion techniques for multimodal biometric authentication\u201d, International Conference on Networking and Communications, Wireless and Mobile Computing (WIMOB '08), October 12-14, IEEE, Washington, DC, pp. 666-671.","DOI":"10.1109\/WiMob.2008.29"},{"key":"2025072819513103500_b25","doi-asserted-by":"crossref","unstructured":"Ruiz-Mezcua, B.\n , Garcia-Plaza, D., Fernandez, C., Domingo-Garcia, P. and Fernandez, F. (1999), \u201cBiometrics verification in a real environment\u201d, Proceedings of the IEEE 33rd Annual 1999 International Carnahan Conference on Security Technology, IEEE, Washington, DC, USA, pp. 243-6.","DOI":"10.1109\/CCST.1999.797920"},{"key":"2025072819513103500_b26","doi-asserted-by":"crossref","unstructured":"Snelick, R.\n , Indovina, M., Yen, J. and Mink, A. (2003), \u201cMultimodal biometrics: issues in design and testing\u201d, Proceedings of the 5th International Conference on Multimodal Interfaces (Vancouver, British Columbia, Canada (ICMI '03), November 05-07, ACM, New York, NY, pp. 68-72.","DOI":"10.1145\/958432.958447"},{"key":"2025072819513103500_b1","unstructured":"Standards Australia and Standards New Zealand\n (2004), AS\/NZS 4360: 2004 Risk Management, Standards Australia and Standards New Zealand, Sydney."},{"key":"2025072819513103500_b28","doi-asserted-by":"crossref","unstructured":"Yesberg, J.\n and Anderson, M. (1995), \u201cQuARC: expressive security mechanisms\u201d, Proceedings of the 1995 Workshop on New Security Paradigms, August 22-25, La Jolla, CA, pp. 34-40.","DOI":"10.1109\/NSPW.1995.492342"},{"issue":"7","key":"2025072819513103500_b27","doi-asserted-by":"crossref","first-page":"633","DOI":"10.1016\/S0167-4048(96)00014-4","article-title":"Quantitative authentication and vouching","volume":"15","author":"Yesberg","year":"1996","journal-title":"Computers and Security"},{"key":"2025072819513103500_b29","unstructured":"Yung, M.\n (2009), \u201cOn the evolution of user authentication: non-bilateral factors\u201d, Lecture Notes in Computer Science, Springer, New York, NY."},{"issue":"1","key":"2025072819513103500_b30","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1109\/MITP.2009.8","article-title":"Improving identity discovery through fusion","volume":"11","author":"Zoepfl","year":"2009","journal-title":"IT Professional"},{"key":"2025072819513103500_frd1","unstructured":"Jain, A.\n , Prabhakar, S. and Ross, A. (1999), \u201cFingerprint matching: data acquisition and performance evaluation\u201d, Technical Report MSU-TR:99-14, Michigan State University, East Lansing, MI."}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685221011048355","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685221011048355\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/18\/2\/124\/1243882\/09685221011048355.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/18\/2\/124\/1243882\/09685221011048355.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T23:51:42Z","timestamp":1753746702000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ics\/article\/18\/2\/124\/181877\/Assessing-and-improving-authentication-confidence"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,6,8]]},"references-count":30,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2010,6,8]]}},"URL":"https:\/\/doi.org\/10.1108\/09685221011048355","relation":{},"ISSN":["0968-5227","1758-5805"],"issn-type":[{"type":"print","value":"0968-5227"},{"type":"electronic","value":"1758-5805"}],"subject":[],"published":{"date-parts":[[2010,6,8]]}}}