REFERENCES

Fred Cohen, “A Short History of Cryptography”, Introductory Information Protection, 1995, http://all.net/edu/curr/ip/Chap2-1.html

Chris Savarese and Brian Hart, “The Caesar Cipher”, Historical Cryptography Website, 1999, http://www.cs.trincoll.edu/~crypto/historical/caesar.html

Cornelis Robat, “ATM (Automatic Teller Machine)”, The History of Computing Project, 17 April, 2006, http://www.thocp.net/hardware/atm.htm

Federal Financial Institutions Examination Council, Supplement to Authentication in an Internet Banking Environment, 2011, https://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf

“About OATH”, Initiative for Open Authentication, 2012, http://www.openauthentication.org/aboutOath

OATH Members list, Initiative for Open Authentication, 2012, http://www.openauthentication.org/members

WiKID Systems, “Key Fobs are an expensive hassle!”, https://www.wikidsystems.com/learn-more/Problem/hardwaretokens

Brian Krebs, “Sources: Target Investigating Data Breach”, Krebs On Security, 18 December 2013, http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/

Brian Krebs, “Target Hackers Broke in Via HVAC Company”, Krebs On Security, 5 February, 2014, http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

Google, “Stronger security for your Google Account”, https://www.google.com/landing/2step/

“Setting Two-Factor Authentication Login Requirements”, SalesForce Help & Training, https://help.salesforce.com/HTViewHelpDoc?id=security_require_two_factor_authentication.htm

John Leyden, “One in 200 success rate keeps phishing economy ticking over”, The Register, 7 December 2009, http://www.theregister.co.uk/2009/12/07/phishing_hit_rate/

Mike Lennon, “Dyre Malware Targeting Salesforce User Credentials”, Security Week, 8 September 2014, http://www.securityweek.com/dyre-malware-targeting-salesforce-user-credentials

“Secure Passwords? Patented One-Time Password Technologies and their Effect on Privacy”, University of Portsmouth, 3 December 2007, http://mosaic.cnfolio.com/M591CW2007C102

Olga Kharif, “EMC Losing Ground as Smartphones Displace RSA Tokens”, Bloomberg, 27 March 2013, http://www.bloomberg.com/news/2013-03-27/emc-losing-ground-as-smartphones-displace-rsa-tokens.html

Jeff Carpenter, “Did You Know: Trends in RSA SecurID® Two-Factor Authentication”, RSA Security, 10 April 2012, http://russia.emc.com/collateral/rsa/eventpresentations/04-10-12-Two-Factor_Auth.pdf

M’Raihi et al, “OCRA: OATH Challenge-Response Algorithm”, Internet Engineering Task Force, June 2011, http://www.ietf.org/rfc/rfc6287.txt

M’Raihi et al, “HOTP: An HMAC-Based One-Time Password Algorithm”, Internet Engineering Task Force, December, 2005, http://www.ietf.org/rfc/rfc4226.txt

M’Raihi et al, “TOTP: Time-Based One-Time Password Algorithm”, Internet Engineering Task Force, May 2011, http://www.ietf.org/rfc/rfc6238.txt

Andrew Y. Lindell, “Time versus Event Based One-Time Passwords”, Aladdin Knowledge Systems Ltd., 2007, http://www3.safenet-inc.com/blog/pdf/time_vs_event_based_otp.pdf

Archie Cobbs, “How one-time passwords work and how they integrate with HTTP authentication”, mod-authn-otp Google Code Repository, 8 July 2009, https://code.google.com/p/mod-authn-otp/wiki/OneTimePasswords

Kevin Cernekee, “stoken - Software Token for Linux/UNIX”, SourceForge Wiki, 7 July 2014, http://sourceforge.net/p/stoken/wiki/Home/

Mohit Arora, “Understanding the security framework behind RSA SecurID”, Embedded, 9 November 2011, http://www.embedded.com/design/safety-and-security/4230483/Understanding-the-security-framework-behind-RSA-SecurID

TOTP Token - FortiToken-200/200CD, Fortinet, http://www.fortinet.com/products/fortitoken/password-tokens.html

DIGIPASS GO 6, VASCO, https://www.vasco.com/products/client_products/single_button_digipass/digipass_go6.aspx

GOLD OTP Authenticator with Challenge Response, SafeNet, http://www.safenet-inc.com/multi-factor-authentication/authenticators/one-time-password-otp/gold-challenge-response-token/

DIGIPASS 260, VASCO, https://www.vasco.com/products/client_products/esignature_digipass/digipass_260.aspx

OTP c300, FEITIAN, http://www.ftsafe.com/product/otp/ocra

Lucian Constantin, “Malware hijacks World of Warcraft accounts despite two-factor authentication”, Computer World, 7 January 2014, http://www.computerworld.com/article/2487408/malware-vulnerabilities/malware-hijacks-world-of-warcraft-accounts-despite-two-factor-authentication.html

Hagrin, “The PayPal Security Key”, Hagrin’s Blog, 3 March 2007, http://www.hagrin.com/273/the-paypal-security-key

PayPal Security Key, PayPal, https://www.paypal.com/us/cgi-bin?cmd=xpt/Marketing_CommandDriven/securitycenter/PayPalSecurityKey-outside

IDProve 700 Display Card, Gemalto, http://www.gemalto.com/Products/otp_display_card/index.html

Ben Popken, “Paypal’s New Security Card Fits Inside Wallet”, Consumerist, 2 August 2010, http://consumerist.com/2010/08/02/paypals-new-key-card-fits-wallet-but-doesnt-regen-every-30/

DIGIPASS® GO 215 single-button authentication and e-signing, VASCO, https://www.vasco.com/products/client_products/esignature_digipass/digipass-go-215.aspx

Lance Whitney, “RSA to replace SecurID tokens following breaches”, CNET, 7 June 2011, http://www.cnet.com/news/rsa-to-replace-securid-tokens-following-breaches/

Zeljka Zorz, “RSA admits SecurID tokens have been compromised”, Help Net Security, 7 June 2011, http://www.net-security.org/secworld.php?id=11122

Yubikey Personalization Tools, Yubico, https://www.yubico.com/products/services-software/personalization-tools/

Yubikey Hardware, Yubico, https://www.yubico.com/products/yubikey-hardware/

“The World in 2010, ICT Facts and Figures”, International Telecommunication Union, 20 October 2010, http://www.itu.int/ITU-D/ict/material/FactsFigures2010.pdf

Natasha Lomas, “Gartner: Smartphone Sales Finally Beat Out Dumb Phone Sales Globally In 2013, With 968M Units Sold”, TechCrunch, 13 February 2014, http://techcrunch.com/2014/02/13/smartphones-outsell-dumb-phones-globally/

Twilio Messaging Pricing, Twilio, https://www.twilio.com/sms/pricing

Jon Oberheide, “Early Results from X-Ray: Over 50% of Android Devices are Vulnerable”, Duo Security’s Blog, 12 September 2012, https://www.duosecurity.com/blog/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable

Michael Mimoso, “Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions”, Threatpost, 6 December 2012, http://threatpost.com/zitmo-trojan-variant-eurograbber-beats-two-factor-authentication-steal-millions-120612/77287

Josh Davis, “Two Factor Auth List”, Two Factor Auth, https://twofactorauth.org/

Shubham Shah, “How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others”, Shubham Shah’s Blog, 3 May 2014, https://shubh.am/how-i-bypassed-2-factor-authentication-on-google-yahoo-linkedin-and-many-others/

“Confused deputy problem”, Wikipedia, 27 June 2014, http://en.wikipedia.org/wiki/Confused_deputy_problem

Toopher, https://www.toopher.com/

“Assisted GPS”, Wikipedia, 24 September 2014, http://en.wikipedia.org/wiki/Assisted_GPS

“Apple Push Notification Service”, Apple iOS Developer Library, 31 October 2014, https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/ApplePushService.html

“Android version history”, Wikipedia, 11 November 2014, http://en.wikipedia.org/wiki/Android_version_history

Chris Hayes, “Push Notifications -- Not Just for Games Anymore”, SecureAuth, 29 September 2013, http://www.secureauth.com/blog/push-notifications/

“Multi-factor authentication”, Wikipedia, 27 October 2014, http://en.wikipedia.org/wiki/Multi-factor_authentication

“Fast and Easy: One-Tap Authentication”, Duo Security, https://www.duosecurity.com/product/user-experience/authentication

“iPhone 5S Specifications”, Apple, https://www.apple.com/iphone-5s/specs/

Rich Miller, “Biometrics in Data Centers: Palms or Eyeballs?”, Data Center Knowledge, 23 September 2008, http://www.datacenterknowledge.com/archives/2008/09/23/biometrics-in-data-centers-palms-or-eyeballs/

“Types of Biometrics”, Biometrics Institute, http://www.biometricsinstitute.org/pages/types-of-biometrics.html

iPhone 6 Touch ID, Apple, https://www.apple.com/iphone-6/touch-id/

“The integration of smart card readers into personal computers”, Smart Card Alliance, http://www.smartcardalliance.org/resources/lib/DSI_Reader_Paper.pdf

“Common Access Card (CAC)”, DoD ID Card Reference Center, http://www.cac.mil/common-access-card/

“PIV & FIPS 201 Solutions”, HID Global Corporation, http://www.hidglobal.com/government/piv

Riley Waters, “Cyber Attacks on U.S. Companies in 2014”, The Heritage Foundation, 27 October 2014, http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014

“A Healthcare CFO’s Guide to Smart Card Technology and Applications”, Smart Card Alliance, February 2009, http://www.smartcardalliance.org/resources/lib/Healthcare_CFO_Guide_to_Smart_Cards_FINAL_012809.pdf

Homeland Security Presidential Directive 12, U.S. Department of Homeland Security, 22 July 2013, http://www.dhs.gov/homeland-security-presidential-directive-12

“Federal Information Processing Standard Publication 201”, Wikipedia, 29 August 2013, http://en.wikipedia.org/wiki/FIPS_201

Stephane Ardiley, “History of the Common Access Card (CAC)”, Security Info Watch, 19 March 2012, http://www.securityinfowatch.com/article/10653434/history-of-the-common-access-card-cac

eToken PRO Smart Card, SafeNet, http://www.safenet-inc.com/multi-factor-authentication/authenticators/pki-smart-cards/etoken-pro-smart-card-security/

“Smart Card Authentication”, Centrify, http://www.centrify.com/solutions/smart-card-authentication.asp

Ronnie Manning, “Yubico Presents the First Smart Card with User Presence to Combat Super-Spy Malware”, Yubico, 25 February 2013, https://www.yubico.com/press/press-releases/yubico-presents-smart-card-user-presence-combat-super-spy-malware-2/

“PCI Data Security Standard - Requirements and Security Assessment Procedures - Version 3.0”, PCI Security Standards Council, November 2013, https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf

“HIPAA Security Guidance”, Department of Health & Human Services, 28 December 2006, http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf

Diego Matute, “Role of Two-Factor Authentication in Regulatory Compliance and Industry Guidelines”, LoginTC’s Blog, 19 March 2013, https://www.logintc.com/blog/2013-03-19-role-of-two-factor-authentication-in-regulatory-compliance-and-industry-guidelines.html

Libicki et al, “Influences on the Adoption of Multifactor Authentication”, RAND Corporation, 2011, http://www.rand.org/content/dam/rand/pubs/technical_reports/2011/RAND_TR937.pdf

Thu Pham, “2014 Costs of a Data Breach by Industry”, Duo Security’s Blog, 1 December 2014, https://www.duosecurity.com/blog/2014-costs-of-a-data-breach-by-industry

G. Padmanabhan, “Credit/Debit Card transactions-Security Issues and Risk mitigation measures”, Reserve Bank of India, 18 February 2009, http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=4844&Mode=0

Vivian Yeo, “S’pore banks gear up for stronger authentication”, ZDNet, 9 May 2006, http://www.zdnet.com/article/spore-banks-gear-up-for-stronger-authentication/

Isabelle Chan, “Better authentication allays online banking fears”, ZDNet, 18 June 2007, http://www.zdnet.com/article/better-authentication-allays-online-banking-fears-2062020506/

“Understanding Two-Factor Authentication and Transaction Signing”, MoneySENSE, 16 June 2014, http://www.mas.gov.sg/moneysense/understanding-financial-products/investments/consumer-alerts/understanding-two-factor-authentication-and-transaction-signing.aspx

M V N K Prasad and S Ganesh Kumar, “Authentication factors for Internet banking”, Institute for Development and Research in Banking Technology, http://www.idrbt.ac.in/publications/workingpapers/Working%20Paper%20No.%2011.pdf

K. T. Jagannathan, “Two-step authentication must for credit cards: RBI”, The Hindu, 23 August 2014, http://www.thehindu.com/business/Industry/twostep-authentication-must-for-credit-cards-rbi/article6345330.ece

“RBI for two-stage verification for online banking transactions”, The Economic Times, 22 April 2014, http://articles.economictimes.indiatimes.com/2014-04-22/news/49318793_1_cheque-truncation-system-authentication-transactions

Sharma et al, “Report of the Group on Enabling PKI in Payment System Applications”, Reserve Bank of India, January 2014, http://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/PKI070214FR.pdf

Chua Kim Lee, “Two-Factor Authentication for Internet Banking”, Monetary Authority of Singapore, 25 November 2005, http://www.steptoe.com/assets/attachments/1969.pdf

“Singapore to adopt two-factor authentication system in 2015”, The Paypers, 1 December 2014, http://www.thepaypers.com/digital-identity-security-online-fraud/singapore-to-adopt-two-factor-authentication-system-in-2015/757581-26

Kevin Kwang, “Two-factor authentication for SingPass will be opt-in next year”, Channel NewsAsia, 27 November 2014, http://www.channelnewsasia.com/news/singapore/two-factor-authentication/1496870.html

“ESET Secure Authentication - Second factor authentication and compliance”, ESET, 6 November 2013, http://www.eset.com/fileadmin/Images/INT/Docs/Other/ESA/2FA-and-Compliance.pdf

“App Store (iOS)”, Wikipedia, 1 September 2014, http://en.wikipedia.org/wiki/App_Store_(iOS)

“Google Play”, Wikipedia, 19 November 2014, http://en.wikipedia.org/wiki/Google_Play

Mark Stanislav, “PasswordsCon 2014: End-User Authentication Security on the Internet”, Duo Security’s Blog, 14 August 2014, https://www.duosecurity.com/blog/passwordscon-2014-end-user-authentication-security-on-the-internet

“Bitcoin”, Wikipedia, 27 November 2014, http://en.wikipedia.org/wiki/Bitcoin

“Anonymous (group)”, Wikipedia, 26 November 2014, http://en.wikipedia.org/wiki/Anonymous_(group)

“LulzSec hacker helps FBI stop over 300 cyber attacks”, BBC News, 26 May 2014, http://www.bbc.com/news/technology-27579765

Simon Anderson, “Security Update”, DreamHost’s Blog, 21 January 2012, http://www.dreamhost.com/dreamscape/2012/01/21/security-update/

Nicole Perlroth, “Lax Security at LinkedIn Is Laid Bare”, The New York Times, 10 June 2012, http://www.nytimes.com/2012/06/11/technology/linkedin-breach-exposes-light-security-even-at-data-companies.html

Dara Kerr, “Dropbox confirms it was hacked, offers users help”, CNET, 31 July 2012, http://www.cnet.com/news/dropbox-confirms-it-was-hacked-offers-users-help/

Dave Engberg, “Security Notice: Service-wide Password Reset”, Evernote’s Blog, 2 March 2013, http://blog.evernote.com/blog/2013/03/02/security-notice-service-wide-password-reset/

Christopher Aker, “Security incident update”, Linode’s Blog, 16 April, 2013, https://blog.linode.com/2013/04/16/security-incident-update/

Joel Gascoigne, “Buffer security breach has been resolved – here is what you need to know”, Buffer App’s Blog, 26 October 2013, https://open.bufferapp.com/buffer-has-been-hacked-here-is-whats-going-on/

Yancey Strickler, “Important Kickstarter Security Notice”, Kickstarter’s Blog, 15 February 2014, https://www.kickstarter.com/blog/important-kickstarter-security-notice

Robert Rowley, “An Article About Authentication”, DreamHost’s Blog, 3 July 2012, https://www.dreamhost.com/dreamscape/2012/07/03/an-article-about-authentication/

Vicente Silveira, “Protecting your LinkedIn Account with Two-Step Verification”, LinkedIn’s Blog, 31 May 2013, http://blog.linkedin.com/2013/05/31/protecting-your-linkedin-account-with-two-step-verification/

Dan Wheeler, “Another layer of security for your Dropbox account”, Dropbox’s Blog, 27 August 2012, https://blog.dropbox.com/2012/08/another-layer-of-security-for-your-dropbox-account/

Seth Hitchings, “Evernote’s Three New Security Features”, Evernote’s Blog, 30 May 2013, http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/

Christopher Aker, “Linode Manager Two-Step Authentication”, Linode’s Blog, 2 May 2013, https://blog.linode.com/2013/05/02/linode-manager-two-step-auth/

Belle Beth Cooper, “Introducing 2 Step Login for Buffer: The safest social media publishing on the web”, Buffer App’s Blog, 26 November 2013, https://blog.bufferapp.com/introducing-the-safest-social-media-publishing-on-the-web

Nitsuh Abebe, “New Security Features: Two-factor authentication and IP history”, Kickstarter’s Blog, 23 June 2014, https://www.kickstarter.com/blog/new-security-features-two-factor-authentication-and-ip-history

Ashley Feinberg, ‘Sony Kept Thousands of Passwords in a Folder Named “Password”’, Gizmodo, 4 December 2014, http://gizmodo.com/sony-kept-thousands-of-passwords-in-a-document-marked-1666772286

“AP Twitter hack causes panic on Wall Street and sends Dow plunging”, The Guardian, 23 April 2013, http://www.theguardian.com/business/2013/apr/23/ap-tweet-hack-wall-street-freefall

Eli Pariser, “Filter Bubble, or How Personalization is Changing the Web”, YouTube, 3 June 2010, https://www.youtube.com/watch?v=fDhsO_q7aYU

“Gartner Says 4.9 Billion Connected “Things” Will Be in Use in 2015”, Gartner, 11 November 2014, http://www.gartner.com/newsroom/id/2905717

Dan Goodin, “How mobile app weakness could let hackers track and unlock a Tesla Model S”, Ars Technica, 1 April 2014, http://arstechnica.com/security/2014/04/how-mobile-app-weakness-could-let-hackers-track-and-unlock-a-tesla-model-s/

Specifications Overview, FIDO Alliance, https://fidoalliance.org/specifications
