Literature Review: The Impact of Users' Mental Models on the Implementation of Multi-Factor Authentication for Mitigating Password Guessing Risk in Organizational Contexts

Authors

  • Ery Triantoro
  • Setyawan Widyarto

Keywords:

MFA Implementation, User Mental Model, Multi-Factor Authentication (MFA), Systematic Literature Review (SLR)

Abstract

This study is a Systematic Literature Review (SLR) aimed at analyzing the impact of users’ mental models on the implementation of Multi-Factor Authentication (MFA) in mitigating password guessing risks within organizational environments. A total of 200 initial articles were identified from Google Scholar using keywords related to MFA, and after the PRISMA selection process, 10 core articles were obtained for further analysis. The reviewed literature consists of publications from 2020–2025, in both Indonesian and English. The results show that expert users tend to perceive MFA as a beneficial additional security layer, while non-expert users regard it as a burdensome task. The main obstacles include a lack of understanding, low risk perception, and reliance on mobile devices. The analysis was conducted using a mental model approach to understand the differences in users’ perceptions and experiences of MFA. The findings highlight the importance of aligning MFA design and policies with users’ needs and understanding. Innovations such as adaptive MFA and Single Input Multi-Factor Authentication (SIMFA) are recommended to enhance both security and user convenience.

Published

2026-04-12