Multi-Factor Authentication Application Assessment: Risk Assessment of Expert-Recommended MFA Mobile Applications

In Proceeding of the Who Are You?! Adventures in Authentication Workshop (WAY), co-located with 16th Symposium on Usable Privacy and Security (SOUPS 2021), August 08, 2021, Virtual. 2021.

6 Pages Posted: 21 Jul 2021

See all articles by Kevin Jensen

Kevin Jensen

University of Denver

Faiza Tazi

University of Denver

Sanchari Das

George Mason University

Date Written: August 8, 2021

Abstract

The increased use of multi-factor authentication (MFA) has prompted the development of many competing MFA applications for secure authentication. Nevertheless, there is little research about the security vulnerabilities of these MFA mobile applications. To aid this, we conducted a thematic analysis on recent MFA-focused articles published in the year 2020 and performed security evaluation of 10 expert-recommended MFA mobile applications using RiskInDroid and Mobile Security Framework (MobSF). We found several code-based, permission-based, and cryptographic-based security violations of the applications which have severe vulnerability vectors. We conclude by providing actionable recommendations to fix any identified vulnerabilities and suggest stringent requirements for security-based applications to protect users from existing vulnerabilities.

Keywords: multi-factor authentication, authentication, cybersecurity, usability, mobile applications, security analysis

Suggested Citation

Jensen, Kevin and Tazi, Faiza and Das, Sanchari, Multi-Factor Authentication Application Assessment: Risk Assessment of Expert-Recommended MFA Mobile Applications (August 8, 2021). In Proceeding of the Who Are You?! Adventures in Authentication Workshop (WAY), co-located with 16th Symposium on Usable Privacy and Security (SOUPS 2021), August 08, 2021, Virtual. 2021., Available at SSRN: https://ssrn.com/abstract=3878387

Kevin Jensen

University of Denver ( email )

2201 S. Gaylord St
Denver, CO 80208-2685
United States

Faiza Tazi

University of Denver ( email )

2201 S. Gaylord St
Denver, CO 80208-2685
United States

Sanchari Das (Contact Author)

George Mason University ( email )

4400 University Drive
Fairfax, VA 22030
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
779
Abstract Views
2,302
Rank
67,247
PlumX Metrics