Multi-Factor Authentication Application Assessment: Risk Assessment of Expert-Recommended MFA Mobile Applications
In Proceedings of the Who Are You?! Adventures in Authentication Workshop (WAY), co-located with the 16th Symposium on Usable Privacy and Security (SOUPS 2021), August 08, 2021, Virtual. 2021.
6 Pages
Posted: 21 Jul 2021
Date Written: August 8, 2021
Abstract
The increased use of multi-factor authentication (MFA) has prompted the development of many competing MFA applications for secure authentication. Nevertheless, there is little research on the security vulnerabilities of these MFA mobile applications. To address this gap, we conducted a thematic analysis of recent MFA-focused articles published in 2020 and performed a security evaluation of 10 expert-recommended MFA mobile applications using RiskInDroid and Mobile Security Framework (MobSF). We found several code-based, permission-based, and cryptographic-based security violations in the applications, which have severe vulnerability vectors. We conclude by providing actionable recommendations to fix the identified vulnerabilities and by suggesting stringent requirements for security-based applications to protect users from existing vulnerabilities.
Keywords: multi-factor authentication, authentication, cybersecurity, usability, mobile applications, security analysis