{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T12:03:29Z","timestamp":1773144209066,"version":"3.50.1"},"reference-count":35,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2016,10,10]],"date-time":"2016-10-10T00:00:00Z","timestamp":1476057600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2016,10,10]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user\u2019s accounts being accessed. Physical tokens such as RSA\u2019s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users\u2019 autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2016-0005","type":"journal-article","created":{"date-parts":[[2016,10,19]],"date-time":"2016-10-19T09:36:10Z","timestamp":1476869770000},"page":"386-399","source":"Crossref","is-referenced-by-count":2,"title":["Leveraging autobiographical memory for two-factor online authentication"],"prefix":"10.1108","volume":"24","author":[{"given":"Mahdi Nasrullah","family":"Al-Ameen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"S.M. Taiabul","family":"Haque","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matthew","family":"Wright","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121201234523400_ref031","article-title":"The impact of cues and user interaction on the memorability of system-assigned recognition-based graphical passwords","year":"2015"},{"key":"key2020121201234523400_ref032","article-title":"Leveraging real-life facts to make random passwords more memorable","year":"2015"},{"key":"key2020121201234523400_ref035","article-title":"A comprehensive study of the GeoPass user authentication scheme","year":"2014"},{"key":"key2020121201234523400_ref030","article-title":"Towards making random passwords memorable: leveraging users\u2019 cognitive ability through multiple cues","year":"2015"},{"issue":"2","key":"key2020121201234523400_ref017","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1037\/h0033773","article-title":"Recognition and recall processes in free recall","volume":"79","year":"1972","journal-title":"Psychological Review"},{"issue":"4","key":"key2020121201234523400_ref009","article-title":"Graphical passwords: learning from the first twelve years","volume":"44","year":"2012","journal-title":"ACM Computing Surveys"},{"issue":"4","key":"key2020121201234523400_ref016","article-title":"Memory and the self","volume":"53","year":"2005","journal-title":"Journal of Memory and Language"},{"issue":"2","key":"key2020121201234523400_ref015","article-title":"The construction of autobiographical memories in the self-memory system","volume":"107","year":"2000","journal-title":"Psychological Review"},{"key":"key2020121201234523400_ref001","first-page":"2005","article-title":"Authentication in an internet banking environment","volume-title":"Financial Institution Letter, FIL-103-2005","year":"2005"},{"key":"key2020121201234523400_ref003","article-title":"A comparative usability study of two-factor authentication","year":"2013"},{"key":"key2020121201234523400_ref021","unstructured":"Forget, A. (2012), \u201cA world with many authentication schemes\u201d, Ph.D dissertation, Carleton University, Ottawa, ON."},{"issue":"2","key":"key2020121201234523400_ref020","article-title":"A long-term trial of alternative user authentication technologies","volume":"12","year":"2004","journal-title":"Information Management and Computer Security"},{"key":"key2020121201234523400_ref027","article-title":"A diary study of password usage in daily life","year":"2011"},{"issue":"4","key":"key2020121201234523400_ref014","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1002\/(SICI)1099-0720(199808)12:4<371::AID-ACP572>3.0.CO;2-U","article-title":"Manipulating remember and know judgements of autobiographical memories: An investigation of false memory creation","volume":"12","year":"1998","journal-title":"Applied Cognitive Psychology"},{"key":"key2020121201234523400_ref002","article-title":"Understanding the security and privacy rules associated with hitech and hipaa acts, topic: multifactor authentication","author":"J.G.S.IT","year":"2011"},{"key":"key2020121201234523400_ref011","article-title":"Personal choice and challenge questions a security and usability assessment","year":"2009"},{"key":"key2020121201234523400_ref018","article-title":"Models for free recall and recognition","volume-title":"Models of Human Memory","year":"1970"},{"key":"key2020121201234523400_ref005","article-title":"Analysis of the reliability of a nationwide short message service","year":"2007"},{"key":"key2020121201234523400_ref007","article-title":"Email dependability","volume-title":"Email Management World","year":"2004"},{"key":"key2020121201234523400_ref028","article-title":"Age-related performance issues for pin and face-based authentication systems","year":"2013"},{"issue":"3","key":"key2020121201234523400_ref013","doi-asserted-by":"crossref","first-page":"510","DOI":"10.1037\/0882-7974.21.3.510","article-title":"Autobiographical memory, autonoetic consciousness, and self- perspective in aging","volume":"21","year":"2006","journal-title":"Psychology and Aging"},{"key":"key2020121201234523400_ref023","article-title":"Personal knowledge questions for fallback authentication: security questions in the era of facebook","year":"2008"},{"key":"key2020121201234523400_ref004","unstructured":"Rainie, L. and Zickuhr, K. (2015), \u201cAmericans views on mobile etiquette\u201d, available at: www.pewinternet.org\/2015\/08\/26\/americans-views-on-mobile-etiquette\/"},{"key":"key2020121201234523400_ref033","unstructured":"Robertson, J. (2011), \u201cStats: We\u2019re doing it wrong\u201d, available at: http:\/\/cacm.acm.org\/blogs\/blog-cacm\/107125-stats-were-doing-it-wrong\/fulltext"},{"key":"key2020121201234523400_ref008","article-title":"The science behind passfaces","author":"R.U.P Authentication","year":"2004"},{"key":"key2020121201234523400_ref026","article-title":"Exploring the design space of graphical passwords on smartphones","year":"2013"},{"key":"key2020121201234523400_ref022","article-title":"It\u2019s no secret: Measuring the security and reliability of authentication via \u2018secret\u2019 questions","year":"2009"},{"issue":"1","key":"key2020121201234523400_ref024","article-title":"Prediction and entropy of printed english","volume":"30","year":"1951","journal-title":"Bell System Technical Journal"},{"key":"key2020121201234523400_ref006","unstructured":"Smith, A. (2015), \u201cUS smartphone use in 2015\u201d, available at: www.pewinternet.org\/2015\/04\/01\/us-smartphone-use-in-2015\/"},{"key":"key2020121201234523400_ref010","article-title":"A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords","year":"2006"},{"issue":"4","key":"key2020121201234523400_ref019","doi-asserted-by":"crossref","first-page":"739","DOI":"10.2307\/1422081","article-title":"Continuity between recall and recognition","volume":"86","year":"1973","journal-title":"American Journal of Psychology"},{"key":"key2020121201234523400_ref034","unstructured":"Valentine, T. (1999), \u201cAn evaluation of the passface personal authentication system\u201d, Technical Report, Goldsmiths College University of London, London."},{"key":"key2020121201234523400_ref012","first-page":"21","article-title":"Autobiographical memory","year":"2008"},{"key":"key2020121201234523400_ref029","article-title":"Do you see your password? Applying recognition to textual passwords","year":"2012"},{"key":"key2020121201234523400_ref025","unstructured":"Young, B. (2015), \u201cFoundations of computer security, lecture 35: entropy of english\u201d, available at: www.cs.utexas.edu\/\u223cbyoung\/cs361\/lecture35.pdf"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-01-2016-0005","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2016-0005\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2016-0005\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:34Z","timestamp":1753406554000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/4\/386-399\/107827"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,10,10]]},"references-count":35,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2016,10,10]]}},"alternative-id":["10.1108\/ICS-01-2016-0005"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2016-0005","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2016,10,10]]}}}