Abstract:
E-commerce has brought drastic changes in the way business transactions are conducted, prompting banks and other businesses to adopt electronic payment systems. It not only offers the banking industry and other businesses a great opportunity, but also creates risks and vulnerabilities. A number of studies continue to reveal that information security is an essential management and technical requirement for any efficient payment transaction activity over the internet. This study sought to contribute to the development of a secure e-commerce system by employing passphrases. These are important in e-commerce security since they are hard to crack, because most of the highly efficient password cracking tools break down at around 10 characters. Therefore, it would be difficult to guess, brute-force or pre-compute these passphrases.
The main objective of this research was to address security issues related to password-based authentication mechanisms in e-commerce websites, such as password cracking. The research intended to design a system that had the capabilities to mitigate password guessing and brute-force attacks, since passphrases allow special characters like space. Following a detailed systematic literature review and the application of design science as the research design, a passphrase system was developed on the basis of an Object Oriented Programming (OOP) approach, using PHP as the coding language with the MySQL database engine at the backend. A prototype was developed and its validity tested by security experts for more credibility. Expert feedback was accommodated to enhance the security measures put in place for online transactions. The researcher used focus group discussions to collect data and feedback from the participants. They were asked questions during the focus group discussions and they gave feedback that would be useful in improving the prototype developed. Convenience sampling was used due to time and cost constraints.
A sample size of 7 security experts was drawn from the ICT department of Jhpiego Corporation from a population size of 20. Thematic analysis was used to analyze the data; codes were then developed to represent identified themes and applied to raw data as summary markers for later analysis.
It is recommended that passphrases be designed to be user-selected, since they have better usability than system-generated passwords. Users should also exercise extreme caution when writing down or storing passphrases. The passphrase policy should contain composition rules and recommendations, such as minimum length, character variations and avoidance of dictionary and pop culture words. More research
implemented in not only e-commerce websites but also other systems that require a lot of confidentiality. The results of this study will benefit e-commerce website owners, since this enhanced security measure added to the website will give shoppers more confidence even as they do business transactions online.
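
The composition rules recommended above (minimum length, character variation, avoidance of dictionary and pop culture words) can be checked at registration time. The following is an added PHP example, not the study's prototype code; the thresholds, the denylist entries and the function name `passphraseViolations` are assumptions. It also enforces a byte limit that matters for long passphrases, because PHP's bcrypt hashing ignores input beyond 72 bytes.

```php
<?php
declare(strict_types=1);

// Assumed policy values: the page names the rule types but gives no numbers.
const MIN_CHARS = 16;
const MIN_WORDS = 4;
const MAX_BYTES = 72; // PASSWORD_BCRYPT ignores passphrase bytes beyond 72

// Returns the list of violated rules; an empty list means "accepted".
function passphraseViolations(string $passphrase, array $denylist): array
{
    if (!mb_check_encoding($passphrase, 'UTF-8')) {
        return ['not valid UTF-8'];
    }
    // Trim and collapse whitespace so padding with spaces cannot satisfy the length rule.
    $clean = preg_replace('/\s+/u', ' ', trim($passphrase));
    $lower = mb_strtolower($clean, 'UTF-8');
    $violations = [];
    if (mb_strlen($clean, 'UTF-8') < MIN_CHARS) {
        $violations[] = 'fewer than ' . MIN_CHARS . ' characters';
    }
    if (strlen($passphrase) > MAX_BYTES) {
        $violations[] = 'more than ' . MAX_BYTES . ' bytes, bcrypt would truncate it';
    }
    if (count(array_filter(explode(' ', $clean), 'strlen')) < MIN_WORDS) {
        $violations[] = 'fewer than ' . MIN_WORDS . ' words';
    }
    // Character variation: count the classes present (lower, upper, digit, symbol).
    $classes = 0;
    foreach (['/\p{Ll}/u', '/\p{Lu}/u', '/\d/', '/[^\p{L}\d\s]/u'] as $pattern) {
        $classes += preg_match($pattern, $clean);
    }
    if ($classes < 2) {
        $violations[] = 'uses only one character class';
    }
    foreach ($denylist as $entry) {
        if (strpos($lower, mb_strtolower($entry, 'UTF-8')) !== false) {
            $violations[] = "contains denylisted entry '$entry'";
        }
    }
    return $violations;
}

// Constructed samples and denylist, not data from the study.
$denylist = ['password', 'qwerty', 'may the force be with you'];
foreach (['Tr0ub4dor&3', 'may the force be with you', 'violet Kettle 7 drifts past noon'] as $p) {
    $v = passphraseViolations($p, $denylist);
    echo $p, ' => ', $v ? implode('; ', $v) : 'accepted', PHP_EOL;
    if (!$v) { var_dump(password_verify($p, password_hash($p, PASSWORD_BCRYPT))); }
}
```

Only the output of `password_hash` would be stored in the MySQL backend; the passphrase itself is never written to the database.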