This would work perfectly if it weren’t for all the humans: Two factor authentication in late modern societies

Authors

  • Paul Watters, La Trobe University
  • Patrick Scolyer-Gray, La Trobe University
  • A.S.M. Kayes, La Trobe University
  • Mohammad Jabed Morshed Chowdhury, La Trobe University

DOI:

https://doi.org/10.5210/fm.v24i7.10095

Keywords:

Two Factor authentication, Short Message System, Hacking

Abstract

Late modern societies are now dependent on innumerable digitally networked technologies, yet there are intractable incongruencies between the technologies that we develop, and the corresponding technological literacies of users. This disjuncture has greatly increased the scope and scale of the risks to which globalized publics are exposed. With public cybersecurity literacies necessarily in decline as a result of the techno-social dynamism of “liquid modernity”, we now face an immense and exponentially growing matrix of cyberthreats and vulnerabilities, of which many carry potentially catastrophic consequences. Our interrogation of two-factor authentication systems, popularly implemented through short messaging services (SMSs), is demonstrative of vulnerabilities that continue to emerge as a result of widespread and entrenched disjunctures between the design of contemporary ICT systems, and the various flawed assumptions that undergird their implementation. We examined 400 authentication messages that were automatically posted to a public forum by Web sites commonly used to receive SMS authentication tokens on behalf of users. We found that 76.5 percent of those messages included the name of the application for which the message was intended: in so doing, over three quarters of our sample risked compromising their accounts. Occasionally, we even observed usernames and passwords posted together. The socio-technical implications of our findings for ICT system design in today’s globalized late modern societies are discussed.

Author Biographies

Paul Watters, La Trobe University

Dr. Paul A. Watters is Professor of Cybersecurity at La Trobe University. He was previously the Director of the Internet Commerce Security Laboratory, which is a joint venture between the Australian Federal Police (AFP), Westpac Banking Corporation, IBM, the State Government of Victoria and the University of Ballarat. He is a Fellow of the British Computer Society, a Senior Member of the IEEE, and a Chartered IT Professional.

Patrick Scolyer-Gray, La Trobe University

Dr Patrick Scolyer-Gray is a sociologist and Associate Lecturer in Cybersecurity at La Trobe University, Australia. His research interests include cyberwarfare, participatory and deliberative media, epidemiological studies of information flows, media manipulation and its offensive applications, and ‘post-truth’ politics.

A.S.M. Kayes, La Trobe University

Dr. A. S. M. Kayes is a Lecturer in Cybersecurity at La Trobe University, Australia. His research interests include information modelling, authorization, context-aware access control, fuzzy computation, security and privacy protection.

Mohammad Jabed Morshed Chowdhury, La Trobe University

Dr Mohammad Jabed Morshed Chowdhury is an Associate Lecturer in Cybersecurity at La Trobe University, Australia. His research interests include user-centric data sharing, access control modeling, privacy-preserving techniques, and blockchain.

Published

2019-06-30

How to Cite

Watters, P., Scolyer-Gray, P., Kayes, A., & Chowdhury, M. J. M. (2019). This would work perfectly if it weren’t for all the humans: Two factor authentication in late modern societies. First Monday, 24(7). https://doi.org/10.5210/fm.v24i7.10095