Enhancing the security of FinTech applications with map-based graphical password authentication

摘要

With the rapid development of information technology (IT) in financial industry, financial technology (FinTech) has become an emerging area for enterprises and organizations. Due to the wide adoption of IT, various FinTech applications are used by financial industry to help process information and offer financial services. Traditionally, textual passwords are the most widely deployed authentication mechanism, while having many known limitations. As a result, there is a need to enhance the security of FinTech authentication against cyber-criminals. As an alternative, graphical passwords (GPs) are considered as one promising solution to complement traditional password-based systems. In the literature, various GP schemes were proposed such as PassPoints, DAS, Cued Click Points, GeoPass, etc. In this work, we identify that multiple password inference has become a challenge for most GP schemes, and thus design RouteMap, a map-and route-based GP to further improve the security of FinTech applications. This scheme requires users to create a route on a world map as their credentials. In the evaluation, we involved a total of 120 participants, among which 60 of them have financial (FinTech) background, and investigated the performance of RouteMap by comparing it with two similar schemes. Our results demonstrate that participants can achieve better performance using RouteMap in the aspects of both authentication accuracy and multiple password memory. Our effort attempts to complement existing studies and stimulate more research on the combination of GP and FinTech. (C) 2019 Elsevier B.V. All rights reserved.