**6. Conclusions**

The research presented in this book chapter summarizes the definition of a theoretical framework. This framework will help in the comparison and selection of the most appropriate authentication schemes or multifactor authentication methods for applications created by software developers. It has been created through the application of an action-research methodology that considered the utilization of various other research methodologies that helped to contribute in distinct ways to the research objective.

**References**

441-458

11737

[1] O'Gorman L. Comparing passwords,

*DOI: http://dx.doi.org/10.5772/intechopen.89876*

*Multifactor Authentication Methods: A Framework for Their Comparison and Selection*

[10] Colnago J, Devlin S, Oates M, Swoopes C, Bauer L, Cranor L, et al., editors. "It's not actually that horrible": Exploring adoption of two-factor authentication at a university. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing

[11] Huang X, Xiang Y, Chonka A, Zhou J, Deng RH. A generic framework

[12] Easttom II WC. Computer Security Fundamentals: Pearson IT Certification;

[13] Nissanke N, Khayat EJ, editors. Risk Based Security Analysis of Permissions

framework for comparative evaluation of web authentication schemes. In: 2012 IEEE Symposium on Security and

[15] Forget A, Chiasson S, Biddle R. User-centred authentication feature framework. Information and Computer

Security. 2015;**23**(5):497-515

[16] Genero M, Cruz-Lemus J,

Piattini M. Métodos de investigación en ingeniería del software. Madrid, Spain: Editorial RA-MA; 2014. pp. 171-199

[17] Kock N, Lau F. Information systems action research: Serving two demanding masters. Information Technology &

[18] Eden C, Ackermann F. Theory into practice, practice to theory: Action research in method development.

for three-factor authentication: Preserving security and privacy in distributed systems. IEEE Transactions on Parallel and Distributed Systems.

Systems; ACM. 2018

2011;**22**(8):1390-1397

in RBAC. WOSIS; 2004

Privacy; IEEE. 2012

People. 2001;**14**(1)

[14] Bonneau J, Herley C, Van Oorschot PC, Stajano F, editors. The quest to replace passwords: A

2019

authentication. Proceedings of the IEEE.

[2] Kumari S, Khan MK, Li X, Wu F. Design of a user anonymous password authentication scheme without smart

Communication Systems. 2016;**29**(3):

[3] Ranjan P, Om H. An efficient remote user password authentication scheme based on Rabin's cryptosystem. Wireless Personal Communications. 2016:1-28

[4] Yang TC, Lo NW, Liaw HT, Wu WC. A secure smart card authentication and authorization framework using in multimedia cloud. Multimedia Tools and Applications. 2017;**76**(9):11715-

[5] Mishra D, Das AK, Mukhopadhyay S. A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Networking and Applications. 2016;**9**(1):171-192

Chellappa R. Facial attributes for active authentication on mobile devices. Image and Vision Computing. 2017;**58**:181-192

[6] Samangouei P, Patel VM,

[7] Antal M, Szabó LZ. Biometric authentication based on touchscreen swipe patterns. Procedia Technology.

[8] Usha K, Ezhilarasan M. Robust personal authentication using finger knuckle geometric and texture features. Ain Shams Engineering Journal. 2016;**9**

[9] Jacomme C, Kremer S, editors. An extensive formal analysis of multi-factor authentication protocols. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF); IEEE. 2018

2016;**22**:862-869

(4):549-565

**103**

tokens, and biometrics for user

card. International Journal of

2003;**91**(12):2021-2040

On the one hand, a systematic literature review, coupled with surveys and interviews, was performed to obtain the required knowledge base for generating the framework. The utilization of these two methodologies allowed to ascertain the perceptions on authentication from both the academy and the industry.

On the other hand, an expert panel and several case studies were realized to validate the adequacy of the framework. This permitted to obtain feedback from the end users of the framework so that it would provide adequate authentication scheme or method recommendations and have an appropriate usability.

Thus, this experience allowed to observe the usefulness of performing a research in collaboration with the industry, as it permits obtaining results that align more adequately with their needs while also providing more refined academic results.

Several future work lines can be followed based on this research. Namely, the framework could be adapted to work as a recommendation system so that its recommendations get refined through its usage. For the industry, it would be of interest that the framework not only recommends an authentication technique but that it also provides the required code for its implementation. Finally, the last cycle of the action-research, that is, the realization of case studies, could be replicated in other software development companies to further validate the adequacy of the framework.

#### **Acknowledgements**

This research is part of the following projects: DIUBB 144319 2/R and BuPERG (DIUBB 152419 G/EF).

#### **Author details**

Ignacio Velásquez, Angélica Caro\* and Alfonso Rodríguez Computer Science and Information Technologies Department, University of Bío-Bío, Chillán, Chile

\*Address all correspondence to: mcaro@ubiobio.cl

© 2019 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

*Multifactor Authentication Methods: A Framework for Their Comparison and Selection DOI: http://dx.doi.org/10.5772/intechopen.89876*
