Determining the effective authentication factors using touchscreen phones' random numeric keypad

Abstract

For the past decade, the increased usage of touchscreen phone devices has driven the mobile application market that prompted the financial institutes to release their own mobile banking applications to better serve their customers. To date, there are two ways a Thai bank customer can access his/her account(s) via the mobile banking application i) using a 6-digit Personal Identification Number (PIN) or ii) using fingerprint. To help to strengthen the current PIN-only authentication which may be exposed to smudge and shoulder-surfing attacks, the research studied and determined the effective authentication factors using a random numeric keypad. The results from the research indicated that the most effective authentication factors or features among those considered are in fact a combination of the factors which are flight times, dwell times, total dwell time and 2 user-defined values (number of fingers used and gender). However, it is to be noted that there is unequal sample size for each of the user-defined values and this research did not investigate how such occurrences impact the overall accuracy. These factors can be applied in the development of stronger keystroke dynamic model for PIN-based authentication using the random numeric keypad for mobile banking environment.