A review of multi-factor authentication in the Internet of HealthcareThings

As more Internet of Things (IoT) devices are being used, more sensitive data and services are also being hosted by, or accessed via, IoT devices. This leads to a need for a stronger authentication solution for the IoT context, and a stronger authentication solution tends to be based on several authentication factors. Existing multi-factor authentication solutions are mostly used for user-to-system identity verification scenarios, whereas, in the IoT context, there are device-to-device communication scenarios. Therefore, more work is necessary to investigate how to facilitate multi-factor authentication for device-to-device interactions. As part of our ongoing work on the design of the M2I (Multi-factor Multilevel and Interaction-based) framework to facilitate multi-factor authentication in IoT, this paper reports an extension to an authentication framework published previously that supports the multi-factor authentication of devices in device-to-device and device-to-multidevice interactions. In this extended framework, four authentication protocols are added to facilitate multi-factor group authentication between IoT devices. Analysis results show that the protocols satisfy the specified security requirements and are resilient against authentication-related attacks. The communication and computation overheads of the protocols are also analyzed and compared with those of IoT group authentication solutions and Kerberos. The results show that the symmetric-key-based version of the proposed protocols cut the communication and computational costs, respectively, by 70∼74% and 89∼92% in comparison with those of Kerberos.

This article analyzes open-source multi-factor authentication (MFA) solutions. Research on adapting the MFA solution is given, this research will help businesses to provide security in the implementation of remote work. This article discusses 5 open-source MFA solutions, functionality, advantages and disadvantages. For Small and Medium-sized Businesses (SMBs), using a multi-factor authentication (MFA) solution is an important element of security. MFA is an authentication method that requires several forms of authentication before a user can access a system or application. For SMBs, using MFA helps protect their business from cyberattacks, including phishing, network traffic interception and password cracking. In addition, the use of MFA helps to comply with regulations such as GDPR and HIPAA, which require companies to ensure data security. In general, the use of MFA helps to protect important information and reduce the risks of security breaches, which can lead to financial losses, reputational problems and loss of customer confidence.

Today's digital landscape needs robust security measures to safeguard sensitive information and maintain trust with users. Multi-Factor Authentication (MFA) stands as a critical technology in this journey, by offering an additional layer of defense beyond the traditional single-layer security. This white paper explores what is MFA, MFA Architecture, MFA Methods, Benefits of using MFA, current MFA Market providers and future trends. It outlines how MFA addresses the vulnerabilities of single-factor authentication by requiring users to verify their identity through multiple independent credentials. These factors typically include something the user knows (like a password), something they have (such as a smartphone or hardware token), and something they are (like biometric data). This white paper addresses key aspects of MFA as mentioned below: • Enhanced Security - MFA significantly reduces the risk of unauthorized access, protecting against common threats such as phishing, credential theft, and brute-force attacks. • User Experience - The MFA solution can be designed to streamline user interactions while maintaining security standards. Compliance requirements - Industries mandate the use of MFA to comply with data protection regulations. Implementing MFA ensures adherence to legal requirements.. Key Words: Authentication, Multi-Factor Authentication, security journals

The health care industry has faced various challenges over the past decade as we move toward a digital future where services and data are available on demand. The systems of interconnected devices, users, data, and working environments are referred to as the Internet of Health Care Things (IoHT). IoHT devices have emerged in the past decade as cost-effective solutions with large scalability capabilities to address the constraints on limited resources. These devices cater to the need for remote health care services outside of physical interactions. However, IoHT security is often overlooked because the devices are quickly deployed and configured as solutions to meet the demands of a heavily saturated industry. During the COVID-19 pandemic, studies have shown that cybercriminals are exploiting the health care industry, and data breaches are targeting user credentials through authentication vulnerabilities. Poor password use and management and the lack of multifactor authentication security posture within IoHT cause a loss of millions according to the IBM reports. Therefore, it is important that health care authentication security moves toward adaptive multifactor authentication (AMFA) to replace the traditional approaches to authentication. We identified a lack of taxonomy for data models that particularly focus on IoHT data architecture to improve the feasibility of AMFA. This viewpoint focuses on identifying key cybersecurity challenges in a theoretical framework for a data model that summarizes the main components of IoHT data. The data are to be used in modalities that are suited for health care users in modern IoHT environments and in response to the COVID-19 pandemic. To establish the data taxonomy, a review of recent IoHT papers was conducted to discuss the related work in IoHT data management and use in next-generation authentication systems. Reports, journal articles, conferences, and white papers were reviewed for IoHT authentication data technologies in relation to the problem statement of remote authentication and user management systems. Only publications written in English from the last decade were included (2012-2022) to identify key issues within the current health care practices and their management of IoHT devices. We discuss the components of the IoHT architecture from the perspective of data management and sensitivity to ensure privacy for all users. The data model addresses the security requirements of IoHT users, environments, and devices toward the automation of AMFA in health care. We found that in health care authentication, the significant threats occurring were related to data breaches owing to weak security options and poor user configuration of IoHT devices. The security requirements of IoHT data architecture and identified impactful methods of cybersecurity for health care devices, data, and their respective attacks are discussed. Data taxonomy provides better understanding, solutions, and improvements of user authentication in remote working environments for security features.

A survey on multi-factor authentication for online banking in the wild

The expansion of Internet of Things (IoT) devices in healthcare has created an urgent need for secure authentication methods that protect sensitive patient data. Traditional centralized authentication approaches often require aggregating data in the cloud, raising privacy concerns and creating security vulnerabilities. This research proposes a federated learning (FL) based authentication framework for healthcare IoT, which enables distributed model training on medical devices without sharing raw data. We outline the unique challenges of healthcare IoT environments including resource constrained devices, heterogeneous data, and strict privacy regulations and describe how FL can address these issues by keeping patient information local. The proposed framework combines physiological and behavioral biometrics (e.g. heart signals, motion patterns) to authenticate users, enhanced with privacy preserving techniques. We evaluate the system on representative healthcare IoT datasets, demonstrating authentication accuracy above 95% while significantly reducing patient data exposure. Key metrics show a low false acceptance rate (~1–2%) and improved resilience against common attacks compared to baseline methods. The results indicate that federated learning can achieve secure, reliable authentication in healthcare IoT, preserving privacy without compromising performance. This work highlights a novel approach to safeguard medical IoT networks, ensuring only authorized access to devices and sensitive health data, and paving the way for secure, scalable healthcare applications.

Introduction The COVID-19 pandemic unexpectedly accelerated the digital transformation of healthcare systems, exposing them to unprecedented cybersecurity risks. During the COVID-19 pandemic, the healthcare system was affected by ransomware, phishing, and other cyber threats which disrupted the delivery of healthcare services, compromised patient data, and challenged public health emergency response. Although the cyberthreats and cyberattacks were documented, there is a limited synthesis of lessons learned for pandemic preparedness.  Methods Following the Arksey and O’Malley framework and PRISMA-ScR guidelines, we conducted a systematic search of peer-reviewed and grey literature published between January 2020 and December 2025 across PubMed, Scopus, Web of Science, IEEE Xplore, and Google Scholar. Eligible studies reported on cyber threats, mitigation measures, and impacts on healthcare or public health response during COVID-19. Data were extracted using a standardized template and analyzed descriptively and thematically, categorizing threats, mitigation strategies, and lessons learned.  Results Twenty-six studies were included, comprising scoping/systematic reviews, empirical analyses, case studies, surveys, and policy reports. The most prevalent threats were ransomware and phishing, followed by malware, device/IoMT vulnerabilities, and data breaches. Impacts included service disruption, diagnostic delays, patient safety risks, and widespread data exposure. Mitigation strategies spanned technical (e.g., multi-factor authentication, segmentation, backups), organizational (e.g., incident response planning, workforce training), and policy/governance measures (e.g., reporting systems, cross-sector coordination). Key lessons highlighted the importance of layered socio-technical defenses, workforce preparedness, tested recovery plans, and integrated cyber governance. Major gaps were noted in the evaluation of mitigation effectiveness, and research on cyberbiosecurity and infodemic-related threats.  Conclusions Health systems must adopt resilient, evidence-informed, socio-technical strategies to mitigate cyber threats, maintain continuity of care, and protect patient data. Policymakers should integrate cybersecurity into emergency planning, strengthen reporting and governance frameworks, and support research on intervention effectiveness and emerging threats.

With the rapid growth of digital banking platforms in Ghana, cyber threats have become a major concern for financial institutions and consumers alike. Multi-Factor Authentication (MFA) has emerged as a critical security measure to protect sensitive financial data and prevent unauthorized access to digital banking systems. This study aims to evaluate the effectiveness of MFA in mitigating cyber threats within the Ghanaian digital banking ecosystem. The research investigates how various MFA methods, including SMS-based one-time passwords (OTPs), biometric verification, and hardware tokens, contribute to enhancing the security posture of banks operating in Ghana. Through a combination of quantitative data analysis and expert interviews, the study examines the extent to which MFA reduces risks such as phishing attacks, account takeovers, and unauthorized transactions. It also explores the user experience and adoption challenges associated with MFA, including its impact on customer convenience and trust. By analysing real-world cyber incidents in Ghanaian banks, the study identifies gaps in current MFA implementations and suggests areas for improvement. The findings reveal that while MFA significantly lowers the risk of cyberattacks, factors such as user education, infrastructure reliability, and the sophistication of cybercriminals impact its overall effectiveness. The study concludes with policy recommendations for financial institutions, suggesting a more layered approach to security, the integration of advanced authentication techniques, and the importance of fostering user awareness to combat evolving cyber threats in Ghana's digital banking sector.

Literature review is a fundamental part of a research process, and systematic protocols for this activity have been used for a long time, mainly in the field of health. Specifically in the Computer Science Education area, the use of systematic literature review has grown. One of the steps in a systematic literature review (SLR) is the selection of academic databases in which to search for articles. There are several databases with academic documents that may be relevant to SLR, for example: Google Scholar, which indexes different types of documents, such as articles, dissertations, theses, and others; Scopus and Web of Science are large databases that index articles from different conferences and journals. ACM Digital Library and IEEE Xplore are also important sources of information in the field of Computer Education. These tools have different characteristics, some charge a fee, others have only information about the title and authors and do not have access to the full article, others have advanced features, with many filters. In this context, this article presents the following research questions: RQ1) What metadata can be extracted automatically from the databases?; RQ2) What kind of visualization tools are available?; RQ3) Do the documents returned by the databases cover the research topic?; RQ4) Do the databases have papers from the main CSE venues?; and RQ5) How many databases are required to perform a literature review in CSE? To answer these questions we used five academic databases: Google Scholar, Scopus, Web of Science, ACM Digital Library, and IEEE xplore. Regarding the results, Scopus and Web of Science have the best visualization of the documents and a robust query engine, however those academic databases are not free. ACM Digital library, IEEE Xplore, Scopus and Web of Science allow the automatic download of the papers’ metadata (author, title, abstract, affiliation and others). Specifically in the field of Computer Science Education, the ACM Digital Library and the IEEE Xplore have important papers from conferences (SIGCSE and FIE) and journals (ACM Transaction on Education and IEEE Transaction on Education). In this full paper, the results will be presented to help researchers to choose the most appropriate academic databases based on their requirements and available options.

Over the last few years, there has been an almost exponential increase in the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication factors of different categories are required instead. Even if several solutions are currently used, their security analyses have been performed informally or semiformally at best, and without a reference model and a precise definition of the multi-factor authentication property. This makes a comparison among the different solutions both complex and potentially misleading. In this article, we first present the design of two reference models for native applications based on the requirements of two real-world use-case scenarios. Common features between them are the use of one-time password approaches and the support of a single sign-on experience. Then, we provide a formal specification of our threat model and the security goals, and discuss the automated security analysis that we performed. Our formal analysis validates the security goals of the two reference models we propose and provides an important building block for the formal analysis of different multi-factor authentication solutions.

As the days of pervasive password authentication are starting to wane, administrators and end users are increasingly turning to stronger types of authentication such as two-factor authentication (2FA) and multi-factor authentication (MFA). All other considerations considered equal, MFA solutions (which include 2FA) are usually stronger than single-factor authentication (1FA) solutions such as the ubiquitous duo of username and password. This is generally agreed upon by all computer security professionals. People are increasingly turning to stronger types of authentication such as two-factor authentication (2FA) and multi-factor authentication (MFA). But somewhere along the way, many people have come to associate MFA solutions with being far less hackable or even unhackable. Nothing could be further from the truth. In fact, it's possible to use nothing more than a simple phishing email to easily bypass many beloved MFA solutions, says Roger Grimes of KnowBe4.

Chapter 11 - IoT in healthcare ecosystem

In the publication multi factor authentication solutions are offered as a necessary tool for decrease of information technology security risks. The work includes description of authentication process from the viewpoint of information technology security aspect, as well as authentication factors are described, which can be used in authentication process modules. Some recommendations for decrease of security risks are given using multi factor authentication solutions. In the work a multi-factor authentication security testing experiment is described, which involves use of Linux remote console - SSH service. Analysis of data of unauthorised access efforts obtained during tests is described: it is determined from which countries or regions, as well as in which days there is the highest threat to information technology security.

An OLDL (Online Literature Digital Library) is a library in which collections, i.e., publications from one or more domains of study, are stored in digital formats (as opposed to print, microform, or other media) and accessible by users through the Internet. Examples of wellknown OLDLs are IEEE Xplore (IEEE Xplore, 2008), ACM Portal (ACM Digital Library, 2008), CiteSeer (CiteSeer, 2008), Google Scholar (Google Scholar, 2008), and PubMed (PubMed, 2008). Digital libraries are rapidly growing in popularity. For instance, ScienceDirect (ScienceDirect, 2008), the world’s leading scientific, technical and medical information resource celebrated its billionth article download in November’06 since launched in 1999. Besides usage, digital libraries are also rapidly growing in terms of size and diversity of topics. For instance, (i) in Computer Science, ACM Digital Library (ACM Digital Library, 2008) has close to one million full-text publications collected over 50 years, to search and download; (ii) in Electrical Engineering and Computer Science, IEEE Xplore (IEEE Xplore, 2008), another OLDL, provides users with on-line access to more than 1,700 selected conferences proceedings. These high growth rates introduced several challenges facing the information access capability of OLDLs. Next we list few challenges that probably guides future research related to LDLs. Challenge 1: Large Sizes and Topic Diversity of Search Output Results. Search outputs of OLDLs tend to suffer from the “topic diffusion” problem, where commonly, keyword-based searches produce a large number of publications over a large number of topics, where not all topics are of interest to the user. One way to solve this problem is to assign scores to search results ( i.e., publications). Assigning scores to publications helps OLDLs to present the most important relevant publications to the user first, Citation-based publication score measures (e.g., citation count) are commonly used for ranking publications. At the present time, OLDLs lack effective and accurate publication ranking. Challenge 2: Lack of Effective Scoring Functions for Publications. At the present time, OLDLs lack effective and accurate publication rankings (Ratprasartporn et al., 2007). Providing accurate publication scores can help users in reducing the time spent in searching OLDLs, and thus enhances the scalability of OLDL usage as users can quickly identify important relevant publications to their topic of interest.

Today's increasingly frequent and costly cyber threats underscore the importance of securing machine learning (ML), which can automate reactions to identified risks and decrease the time needed to counteract possible assaults. Steps like separating infected systems and launching predetermined security procedures fall under this category. Machine learning algorithms sift through mountains of data, searching for irregularities that indicate potential security risks. Unusual user activity, malware, and phishing attempt detection are all part of this. To verify identities, ML models examine patterns of user behaviour. Some examples of this behaviour are the dynamics of keystrokes and mouse movements. In every respect, current MFA solutions are more user- and admin-friendly. More alternatives mean businesses can pick an MFA solution that suits their specific setup and requirements. A user's knowledge, possession, or status can be validated via MFA methods.