Research Proposal

 

Due to the ever-increasing number of data breach incidents, cyber security also faces constant challenges. This is no longer one factor-based authentication method, such as username and password pairing, but requires multi-level authentication. Even 2FA does not provide sufficient security in all cases, as stated by Muppidi (2017) in his publication. By getting a password for a web page, I redirect the mobile calls of the attackers to other numbers and take over the secondary identifiers.

 

New identification factors are not always convenient for users and their primary adoption is low (Albayram, Khan, and Fagan, 2017). Also, in many cases their justification and the purpose for which the requested data are used are unclear. In this research we try to answer the causes of these dissatisfaction and how it can be improved.

 

 

1.    Literature Review

 

a. What are the secondary or tertiary authentication methods these days?

 

In order to conduct well-grounded research on the use of 2FA, we first need to know which procedures are used for this purpose (SIMON, 2019). In the following section, we review the most commonly used methods.

 

 

Graphical passwords

 

One of the oldest second-level security filters used is graphical passwords. Although they may be suitable for identifying a person, they have not been used significantly. It is most commonly used as an example of captcha for filtering out automated software, and as a secondary security factor it can be found in many places (Vaithyasubramanian, Christy and Saravanan, 2016).

 

Countless attempts have been made to replace traditional PINs and passwords. One such publication is the International Conference on Computing, Electronics & Communications Engineering (iCCECE) (Zujevs, 2019). The author has created a password system where we can create passwords by combining colours, numbers and shapes.

 

Other imaging solutions are described in Asmat and Qasirrf (2019). One possible and widespread solution is to use image pattern, which is also used by Android devices to unlock the device. The second description of the publication is to connect the pattern to digital photos, where the elements of an image need to be linked in a specific order. The third option is a logical jigsaw puzzle that is divided into parts and mixed.

 

The listed solutions could not spread due to simple human characteristics. Because it is true that our brain processes image tasks faster, but it requires much more cognitive work.

 

 

Involvement of other assets

 

Nowadays tiered authentication is the most commonly used when other devices are involved in authentication. Not only can it be a physical device such as a mobile phone with an SMS service connected to it (Kugler, 2019), or an offline application, but also an online service such as a validation email. These are effective methods. For example, Google reported in 2013 that it managed to reduce the number of compromised accounts by 93% with multi-level authentication. However, it should be noted that these secondary tools are not always available and other alternative solutions should be provided (Bonneau, Herley, Van Ooschot and Stajano, 2015).

 

One of these alternatives to 2FA is the use of physical tokens. This possibility has been investigated by Das, Kim, Mare, Streiff and Camp (2019) in a study published in 'Security Mandates are Pervasive: An Inter-School Study on Analyzing User Authentication Behavior'. The researchers chose the Yubico FIDO (Fast Identifying Online) tool from among the possible ones, but others were mentioned. Only 25 students participated in the survey, who were surveyed for demographics and educational level. Participants gave up installing the device on various applications, such as Google Gmail, and trying to use it in different browsers. The survey concluded with the following findings. For inexperienced users, installation is already difficult. Advanced users believed that only a few applications were supported and therefore could not actually use the tool. Many people have also wondered how secure the device really is, and whether the code contained in the tool can be obtained by hackers. These results also justified why these tools were not widely used.

 

Returning to the most commonly used 2FA method, Authentication Email, Herath, Chen, Wang, Banjara, Wilbur and Rao (2014) have researched this topic. The research is quite comprehensive because, as part of an 8-month project, one of the largest email authentication company, eAuth, partnered with web services to develop its own services and to survey user acceptance. Only 30 people participated in the pilot body. Remarkable findings of the research. Participants were aware that emails were one of the most commonly used tools for cyber-attacks, so they did not consider it reliable and voiced it. The second feeling they felt was lack of information, saying that they had not been properly educated on exactly why certification was justified and what level of security it provided.

 

 

Adaptive Authentication

 

One possible solution for multi-level authentication is when a system attempts to resolve authentication through automation. This is a very complex task and there are no standards yet, so the methods used are very diverse. A detailed analysis of this topic is provided in the 2019 publication 'A Survey on Adaptive Authentication' (ARIAS-CABARCOS, KRUPITZER and BECKER, 2019). The complexity of the task is well illustrated in Figure 1, which grouped the causes of adaptation reasons as follows.

 

Fig. 1 Complexity of multi-level authentication

 

A Good Example of Adaptive Identification the Publication of Artificial Intelligence in User Mouse Management (Garabato, Garcia, Novoa and Dafonte, 2019). The study found that our mouse usage habits allow for identification but cannot be used for primary identification. In a system that monitors our activity patterns as a secondary identifier, this can also be a warning sign for unauthorized access.

 

The above research also confirms the importance of adaptive identification but also proves that it is not suitable for immediate primary identification. Due to the need for continuous monitoring and artificial intelligence, the resource requirement is high and may raise data protection concerns (Shigetomi Yamaguchi, Nakata and Kobayashi, 2019).

 

Another argument against adaptive identification is that it uses the same methods as most malicious attackers, continuously monitoring and analysing data. The acquired data can easily model any of our activities (Böhme and Moore, 2016).

 

 

Human Biometric Logging

 

With the drastic reduction in the cost of manufacturing sensors that can be built into computing devices, almost all of our mobile communication devices today are capable of biometric identification. Although the first fingerprint scanners appeared on IBM laptops in 2004, they were not widespread due to their quality and applicability.

 

However, nowadays, biometric identification has become the most secure method that users consider. This finding was made in a study of 695 people questioning their identification habits on mobile device (Rasnayaka and Sim, 2018).

 

Acceptance of Website Security on E-banking. A-Review’, published by Ataya and Ali (2019), investigates how the security identifications used affect the propensity to use. The study reviewed the publications published on the subject over the last 20 years and concluded that the most important user attribute to be considered in the methods used is trust. User confidence has been greatly enhanced by the use of biometric authentication, which, combined with other security filters such as antivirus programs and firewalls, provides an adequate level of security even for online banking.

 

A similar finding was made by Vaithyasubramanian, Christy and Saravanan (2016) in the study 'Access to Network Login by Three-Factor Authentication for Effective Information Security'. They classified user accounts into three categories. The top two categories, Business Critical and High Risk (Financial Services), require at least three levels of authentication, the third level of which is biometric identification.

 

Trust as a key element has been addressed in another study that has compared traditional identifiers to biometric identifiers in e-payment transactions (Ogbanufe and Kim, 2018). There were 94 university students in the United States who participated in the research, so the results are not representative, but they help us to compile our own questionnaire. The survey collected data from all three identification stages of online shopping, such as registration, login, and payment. In the ANOVA analysis, however, trust preceded usability, and the security aspect overwhelmingly convinced why biometric identification was preferred.

 

 

b. Account categories

 

Different types of online accounts require different levels of security. It is not advisable to use the same complexity for a simple social network identification system as for a banking service, as it would make it difficult to apply so much that users would defy it. This fact is also supported by a study conducted at Birmingham Young University after interviewing a relatively large number (4,275) of participants after the introduction of 2-factor identification. A large majority of respondents did not consider it necessary to include mobile devices in the curriculum certification and would only use it for sensitive data or financial services (Dutson, Allen, Eggett and Seamons, 2019).

 

Since the question of this research is when users are willing to go through an identification method and this may vary from one category to another, we need to clarify the possible categories.

 

This topic was investigated in a publication that grouped user accounts in the table below. Of course, a much more tiered table could be created, but the three categories listed there are enough to help you design a questionnaire (Vaithyasubramanian et al. 2016).

 

 

Tab. 1. Security levels assigned to business information

 

In Table 1, the highest level of security is assigned to business information that could be disputed, but since an enterprise system can potentially have a greater value than an unauthorized intrusion, this aspect is acceptable. This point is confirmed by Donalds and Osei-Bryson (2020) in the introduction to his study. However, it should be made clear that only transactions of individuals are included in the second group.

 

 

c. Users’ behaviour

 

As one of the main goals of this research is to improve user habits, it is important to investigate what circumstances influence our cybersecurity decisions and what methods can be used to change bad habits.

 

Environmental Factors

 

As with everything in our daily lives, our cybersecurity behaviour is significantly influenced by environmental factors. These were examined in the publication 'The Interplay between Humans, Technology and User Authentication: A Cognitive Processing Perspective' (Belk, Fidas, Germanakos and Samaras, 2017), which divided the factors into three main groups. The survey assessed the impact of these factors with 164 undergraduate students.

 

The study found that all three factors play an important role in the usability of security systems. Technological, human and design factors must also be considered.

 

 

 

 

Decision styles on individual cybersecurity compliance behaviour

 

 

There is empirical evidence that the main reason for successful security attacks is that users do not follow current practices. There are many factors that influence our decisions regarding the safe use of IT systems. When establishing a well-functioning and widely accepted security system, it is imperative to consider which mechanisms are involved. This topic is covered in detail in the publication 'Cybersecurity compliance behaviour: Exploring the influences of individual decision style and other antecedents'. Donalds and Osei-Bryson (2020) have developed a model that illustrates well how habits influence our decisions and how they relate to each other. This model is shown in Figure 2.

 

 

 

Fig. 2 Proposed Research Model.

 

 

Relationships by model.

 

• H1. Dominant orientation directly influences security self-efficacy.

By dominant orientation we mean that the individual is more thinking or action oriented, whereas self-efficacy refers to which activities to perform. Previous research has shown that self-efficacy is fundamentally dependent on our action or thinking orientation.

• H2, H3. The dominant decision style is influenced by general security orientation and general safety compliance behaviour.

General security orientation is manifested in the individual's willingness and interest, and depends on his or her decision style, but also determines compliance with general safety standards.

• H4, H5. General security orientation affects general security compliance behaviour and password compliance behaviour.

The overall decision style not only directly determines the propensity to comply but also directly through the safety orientation. As well as security orientation, the password management behaviour of an individual also depends.

• H6-H7. Compliance with general security regulations and compliance with passwords is associated with general security awareness.

Security awareness is also important for achieving personal security, and of course, this is reflected in passwords.

• H8-H9. Security self-efficacy is directly related to general security compliance behaviour and password compliance behaviour.

 

These relationships have been proven in previous studies or have been hypothesized by the authors based on their experience, and they believe that applying the model helps to operate a secure system.

 

Changing users’ behaviour

 

Changing users' bad habits also requires the help of IT professionals. A system should be built to not only collect data, but also to inform users of possible attacks and educate them on conscious security behaviour. This should be done in a language that is not understandable to professionals. Security systems should be much more human-centric than technology-centric (Still, Cain and Schuster, 2017).

 

A survey conducted in 2017 looked at the effectiveness of video tutorials. The 399 participants watched an 8-part film series. The episodes dealt with three main themes using the three-way method (2-2-2). These topics were Risk, Self-efficacy, and Contingency.

 

From the demographic point of view, the survey made the following findings. There was no significant difference in gender responses. However, there was a significant difference between the ages and the levels of basic IT knowledge, which greatly influenced the understanding of the videos. The following table from the study showed that of the 3 topics examined, the level of Risk and Self-efficacy was the most important, because those videos where the value was high were the most effective. The value of Contingency did not significantly affect the efficacy (Albayram et al. 2017).

 

Another study examined the same topic in 2014 using a similar method. The 90 American college students attended a video on the importance of 2FA and then watched the impact of this video. Interestingly, most participants agreed that their online account could be the target of a possible attack, yet only a small number adopted 2FA services (Ackerman, 2014). Almost everyone (87%) agreed that 2FA provides greater security. And the vast majority (83%) found it easy to use, but only a minority started using it. The majority who did not change their bad habit explained the reason for this. This table also shows that although they were aware of the necessity and the operation, they were not applied due to simple human error. Although this study may not be considered representative because of the same age and level of knowledge, it has shown how human habits influence our security efforts.

 

 

2.    Aims and Research Questions

 

The basic goal of the research is to examine what procedures services use for online user identification and how accepted they are by users. Ideally, the two sides should work together, but experience shows that there are significant gaps on both sides. Of course, it is the responsibility of the service provider side to operate perfectly secure services with as little inconvenience as possible. While users would be expected to contribute to maintaining the expected level of security through their compliance behaviour. A review of the literature revealed quite a few shortcomings from both sides. From the service provider's point of view, the biggest shortcoming seems to be information and education, and in many cases the value of the service is disproportionate to the value of the personal data collected. On the user side, however, change, mastering new methods, and following rules seem difficult.

 

The main question of the research is:

Are the authentication methods required by the services suitable to ensure a level of security appropriate to the content in the opinion of the users and how can user habits be improved?

 

By answering this question, we can hopefully make suggestions to the operators on what changes can be made to create a more user-friendly identification system, but also guaranteeing sufficient security.

 

3.    Research Methods

 

In the previous chapters, we have described the stages of the first Pre-empirical Stage of the research. In this chapter we move on to the second Empirical Stage, where we design the survey and describe and justify the survey method to be used and finally define the procedures needed for the analysis.

 

 

Survey Benefits

 

The design of the survey should take into account the resources available and the time frame, in addition to the nature of the topic. As the main subject of online authentication is therefore not a disadvantage when conducting an online survey, because those who do not use any online system, they do not have sufficient experience. Another benefit of the online survey is that it can help you reach a larger number of participants, thereby reducing errors from a low number of statistics. Of the online survey methods, verbal interviews require significant resources, such as recording interviews and evaluating responses. Of course, it would be more beneficial if we could talk to each interviewer and filter out the answers to the questions that were not understood but unfortunately, we will not be able to do so in this research. Because of the above, we decided to create an online questionnaire.

 

 

Survey Design

 

As explained in the previous section, using an online questionnaire is the best way to do this research. While reviewing the literature, we did not find exactly the same publication that researched the main issue, which is why we are examining the topic from this perspective. Therefore, based on previous research, it is not possible to repeat a survey that has already been made, correcting their errors. However, it is essential to take into account the results of the publications dealing with the partial issues. When designing the questionnaire, a more detailed and long series of questions should be created from the groups of questions listed in Chapter 2. All possible questions should then be screened for relevance, usability and quantity. Finally, we need to get a series of questions that are not too long to discourage participants from completing, but include all the questions that are important to draw useful conclusions. From the point of view of easier evaluation, it is more expedient to develop questions based on the quantitative method and the corresponding point system, because the numerical data can be displayed with graphs and facilitate later analysis.

 

 

Sampling, Distribution

 

It is not possible to include the whole population in sampling. However, it is advisable to involve as wide a range of participants as possible in the comprehensive response. Almost all of the studies listed in the literature review drew participants from a university environment, thereby significantly distorting the results, so it would be advisable to choose another source. Of the options available, distribution through popular social networks such as Facebook may be most useful. However, only existing acquaintances can send invitations to attend. A feature of such social networks is that it is constantly changing in popularity among different generations. As the older generation joins one, the younger generation tends to move to other platforms. Therefore, it is necessary to find an opportunity to invite the potential participant not only on one platform. Other options are to use specialized platforms for the survey, such as Amazon Mechanical Turk, but they all require both business and financial investment. However, these opportunities should not be ruled out, and if we find one for which we can secure financial resources, then they should also be used.

 

It is advisable to use tools to prepare and publish the questions. Qualtrics, one of the most popular survey tools such as SurveyMonkey, GoogleForm, or Survey Methods, is accessed by the University of Sunderland's university system, and is recommended.

 

 

Question derivation

 

The development of questions is one of the key points in the success of a research and therefore needs to be emphasized. The most important aspects to keep in mind.

 

·         Clarity. You can only give a random answer to an unintelligible question.

·         Simplicity. The question is to ask only one thing.

·         Do not suggest the expected answer.

·         Assessing experience and not a prophecy.

·         Following a logical structure that facilitates understanding.

·         Variable types of questions

o   Radio. For example, "Yes" or "No", we expect only one answer.

o   Checkbox. Used when multiple options are available.

o   Scaling (Likert). If we measure the extent of one thing. It is advisable to use familiar or familiar scales, not new ones. Positive or negative scales can be easily evaluated by scoring.

o   Order. For example, order of importance.

o   Free text. If a list does not include the respondent's opinion, then the other option should include the opportunity to describe the opinion.

 

 

Example of a scaled opinion in Table 2 (Mcleod, 2020):

 

Tab. 2. Example of Likert Scale

 

 

 

Piloting

 

The location described in the previous section should be checked before distribution. Researchers' level of knowledge may distort the clarity and relativity of questions. We need to verify in a smaller number of target communities that our assumptions are correct and that the questions are suitable for processing and that important topics are not missing. If any changes are needed, the new version must be retested before release.

 

 

Analysis

 

Analysing the collected data is greatly facilitated by selecting a good survey tool. In this chapter we have already explained why it is recommended to use Qualtrics. This utility also includes built-in analytics tools to help visualize data, as shown in Figure 3 (Qualtrics, 2020).

 

Fig. 3 Example of Qualtrics Analytics

 

 

The built-in tools will probably not provide full service and analysis of all topics, so it is important to download all the data in an Excel or CSV file and evaluate them using statistical methods and formulas.

 

 

 

 

 

4. Feasibility

 

As the surveyor does not have significant professional experience, solutions should be chosen that are in any case available and can be carried out within the time available. Being too committed should not endanger completion and leaving time to deal with problems in the off-road, but under-planning can also be a problem.

 

As the topic will be identified online and the survey will be conducted through online questionnaires and the invitation will be disseminated online, each participant to whom the invitation is addressed will have the necessary technical tools.

 

The questionnaire is built within the Qualtrics system and has been tested many times and is supported by the university, so it is not expected that there will be any interruption in its use and analysis and downloading of the data obtained.

 

The key issue in implementation is evaluation, because too few and too many participants can make it difficult to process and draw real lessons and suggestions, because without them, research will be futile. Therefore, you must assemble the questionnaire as quickly as possible and test it in pilot tests to get the final version as soon as possible. The final version should also be published as soon as possible in order to involve as many participants as possible, as this will ensure the accuracy of the survey. If the intended English language fails to find a sufficient number of participants, you should try to involve other language participants, but accurate translation is a must to avoid false information.

 

5. Ethical Considerations

 

As with all research, you must adhere to the written and unwritten rules of the profession. Because this research is part of the University of Sunderland's educational program, the University's Research Code of Practice rules outline the main rules. However, there is no specific code of professional ethics that covers all options, but these were part of our education therefore everyone is aware of them. If any problem arises, you should involve the University Research Ethics Group (UREG) and seek their professional background.

 

The most important rules that must be adhered to.

 

·         Health, safety and legal protection of participants

·         Accurate and credible information about the project (Study Information Sheet)

·         Voluntary Participation, Statement of Information and Consent (Consent Form)

 

The first rule is that participants should not be unduly disadvantaged. Special attention should be given to any inconvenience or emergency situation.

 

The information must be comprehensive, not only stating the purpose of the project and the details of the survey, but also including how the data will be used and further plans. Anonymity should also be provided, if requested, and should include who approved the survey and how to contact researchers and supervisors.

 

Voluntary participation does not mean that those who have agreed to do so are required to complete the survey. It shall also be possible to terminate the survey at any time and, if necessary, to delete the individual participant's data. 

References 

Ackerman, P., (2014) ‘Impediments to Adoption of Two-factor Authentication by Home End-Users’, Sans.org. 2020. SANS Institute: Reading Room - Authentication. [online] Available at: https://www.sans.org/reading-room/whitepapers/authentication/impediments-adoption-two-factor-authentication-home-end-users-37607 (Accessed: 02 Marcius 2020). 

Albayram, Y., Khan, M. and Fagan, M., (2017) ‘A Study on Designing Video Tutorials for Promoting Security Features: A Case Study in the Context of Two-Factor Authentication (2FA)’, International Journal of Human–Computer Interaction, 33(11), pp.927-942. 

Arias-Cabarcos, P., Krupitzer, C. and Becker, C., (2019)  ‘A Survey on Adaptive Authentication’, ACM Computing Surveys, 52(4), pp.1-30. 

Asmat, N. and Qasim, H., (2019) ‘Conundrum-Pass: A New Graphical Password Approach’, 2019 2nd International Conference on Communication, Computing and Digital systems (C-CODE), pp. 282–287. doi: 10.1109/C-CODE.2019.8680989. 

Ataya, M. and Ali, M., (2019) ‘Acceptance of Website Security on E-banking. A-Review’, 2019 IEEE 10th Control and System Graduate Research Colloquium (ICSGRC), pp. 201–206. doi: 10.1109/ICSGRC.2019.8837070. 

Belk, M., Fidas, C., Germanakos, P. and Samaras, G., (2017) ‘The interplay between humans, technology and user authentication: A cognitive processing perspective’, Computers in Human Behavior, 76, pp.184-200. 

Bonneau, J., Herley, C., van Oorschot, P. and Stajano, F., (2015) ‘Passwords and the evolution of imperfect authentication’. Communications of the ACM, 58(7), pp.78-87.doi: 10.1145/2699390. 

Böhme, R. and Moore, T., (2016) ‘The “Iterated Weakest Link” Model of Adaptive Security Investment’, Journal of Information Security, 7, 81-102. doi: 10.4236/jis.2016.72006. 

Das, S., Kim, A., Mare, S., Streiff, J. & Camp, L. J ., (2019) ‘Security Mandates are Pervasive: An Inter-School Study on Analyzing User Authentication Behavior’, 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), Collaboration and Internet Computing (CIC), 2019 IEEE 5th International Conference on, pp. 306–313. doi: 10.1109/CIC48465.2019.00043. 

Donalds, C. and Osei-Bryson, K. M., (2020) ‘Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents’, International Journal of Information Management, 51. doi: 10.1016/j.ijinfomgt.2019.102056. 

Dutson, J., Allen, D., Eggett, D. & Seamons, K.,  (2019) ‘Don’t Punish all of us: Measuring User Attitudes about Two-Factor Authentication’, 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Security and Privacy Workshops (EuroS&PW), 2019

IEEE European Symposium on, pp. 119–128. doi: 10.1109/EuroSPW.2019.00020. 

Garabato, D., García, J.R., Novoa, F.J., Dafonte, C., (2019) ‘Mouse Behavior Analysis Based on Artificial Intelligence as a Second-Phase Authentication System’, Proceedings, (1), p. 29. doi: 10.3390/proceedings2019021029. 

Herath, T., Chen, R., Wang, J., Banjara, K., Wilbur, J. & Rao, H. R.,  (2014) ‘Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service’, Information Systems Journal, 24(1), pp. 61–84. doi: 10.1111/j.1365-2575.2012.00420.x. 

Kugler, L., (2019) ‘The Trouble with SMS Two-Factor Authentication’, Communications of the ACM, 62(6), p. 14. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=bsh&AN=137697917&site=eds-live&scope=site (Accessed: 26 February 2020). 

Mcleod, S., (2020) ’Likert Scale Definition, Examples And Analysis’, Simply Psychology. [online] Simplypsychology.org. Available at: <https://www.simplypsychology.org/likert-scale.html> [Accessed 28 March 2020]. 

Muppidi, S., (2017) ‘Companies Need More Than Two-Factor Authentication to Keep Users Safe’, Harvard Business Review Digital Articles, pp. 2–4. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=bsh&AN=126717086&site=eds-live&scope=site (Accessed: 26 February 2020). 

Ogbanufe, O. and Kim, D. J., (2018) ‘Comparing fingerprint-based biometrics authentication versus traditional authentication methods for e-payment’, Decision Support Systems, 106, pp. 1–14. doi: 10.1016/j.dss.2017.11.003. 

Qualtrics, (2020) ‘Make Data-Driven Business Decisions With Powerful, Predictive Customer Analytics’ [online] Available at: <https://www.qualtrics.com/uk/customer-experience/customer-analytics/> [Accessed 28 March 2020]. 

Rasnayaka, S. and Sim, T., (2018) ‘Who wants Continuous Authentication on Mobile Devices?’, 2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS), Biometrics Theory, Applications and Systems (BTAS), 2018 IEEE 9th International Conference on, pp. 1–9. doi: 10.1109/BTAS.2018.8698599. 

Shigetomi Yamaguchi, R., Nakata, T. and Kobayashi, R., (2019) ‘Redefine and Organize, 4th Authentication Factor’, Behavior, 2019 Seventh International Symposium on Computing and Networking Workshops (CANDARW), Computing and Networking Workshops (CANDARW), 2019 Seventh International Symposium on, CANDARW, pp. 412–415. doi: 10.1109/CANDARW.2019.00077. 

SIMON, M., (2019) ‘Two-factor authentication: How to choose the right level of security for every account’, PCWorld, 37(5), pp. 91–98. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=bsh&AN=136170021&site=eds-live&scope=site (Accessed: 26 February 2020). 

Still, J. D., Cain, A. and Schuster, D., (2017) ‘Human-centered authentication guidelines’, Information & Computer Security, 25(4), p. 437. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edb&AN=125625625&site=eds-live&scope=site (Accessed: 26 February 2020). 

Vaithyasubramanian, S., Christy, A. and Saravanan, D., (2016) ‘Access to Network Login by Three-Factor Authentication for Effective Information Security’, Scientific World Journal, p. 1. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edb&AN=113264478&site=eds-live&scope=site (Accessed: 2 March 2020). 

Zujevs, N., (2019) ‘Authentication by Graphical Passwords Method “Hope”’, 2019 International Conference on Computing, Electronics & Communications Engineering (iCCECE), Computing, Electronics & Communications Engineering (iCCECE), 2019 International Conference on, pp. 94–99. doi: 10.1109/iCCECE46942.2019.8941758.