A Two-Factor Authentication Framework For Securing Information Systems In The Telecommunications Industry

Abstract

Telecommunications Service Providers (TSPs) offer internet, voice and data networks solutions to public and private organizations of varying scales and individuals. Any potential data leaks, losses and malicious attacks in TSPs networks could cause widespread identity theft, economic sabotage and threats to national security. There have been numerous reports of attacks to systems protected by single factor authentication schemes, many of them aimed at TSP organizations. However, a majority of these organizations still use single factor authentication methods only to secure their information systems. This covers only one of the ways listed below: entering a password or passcode, using a physical token, or scanning a biometric feature (such as a fingerprint, retina scan, voice print, or facial feature). Since these one-way authentication methods do not attempt to further authenticate the specific identity of the users giving the factors necessary to access the systems, they have security flaws. Despite the advantages that two-factor authentication offers, its adoption continues to be slow or highly selective in the few cases where it has been applied. In this study, the researcher looked into the authentication methods now in use to access crucial systems in the telecommunications sector, their weaknesses, and the barriers to the adoption of two-factor authentication methods. The study also suggested and verified a framework for two-factor authentication for use in successfully protecting these systems from outside access. The Unified Theory of Acceptance and Use of Technology (UTAUT) adoption theory was used and modified appropriately to suit the research objectives. The independent variables used were government regulations, top management support, cost of purchasing and operating the 2FA solution, security awareness and training, fear of user pushback, performance expectancy, effort expectancy, social influence, facilitating conditions. The dependent variable was adoption of two-factor authentication in the telecommunications industry. Data was collected through distribution of questionnaires to individuals in the telecommunications industry. A descriptive research design was adopted in the study because the subjects are usually observed in their natural environment and can therefore result in reliable and accurate information. The study targeted 172 employees of various organizations in the telecommunications industry in Kenya that have interacted with two-factor authentication used to secure any of their information systems. This study employed the use of non-probability sampling. The sample selection was made based on the researcher’s subjective judgment. The more specific method of non-probability sampling used was convenience sampling. The sample size consisted of 120 individuals calculated using the Yamane formula. This study used primary data. Questionnaires were the main method of collecting information from the study sample. Descriptive statistics was used to analyze the quantitative data, which was organized into means, standard deviations, frequencies and percentages, and visualized through representations like pie charts and bar graphs. Correlation and regression analysis were used in inferential statistics, and SEM analysis used for model evaluation. Using the structural equation model results, the study found that government regulations (B = 0.14, p = 0.000), top management support (B = 0.19, p = 0.000), cost of purchasing and operating two factor authentication solution (B = -0.23, p = 0.000), security awareness and training (B = 0.4, p = 0.000), fear of user pushback (B = -0.13, p = 0.000), performance expectancy (B = 0.39, p = 0.000), effort expectancy (B = 0.28, p = 0.000), social influence (B = 0.37, p = 0.000) and facilitating conditions (B = 0.23 p = 0.000) all had significant relationships with the adoption of two-factor authentication in the telecommunications industry. The study therefore concluded that the nine independent variables of the study significantly influenced the adoption of two-factor authentication in the telecommunications industry, with fear of user pushback and cost of purchasing and operating two-factor authentication solution having a negative influence. The study therefore recommends that government regulations should mandate the use of two-factor authentication and top management should offer support for its use. Organizations should minimize the cost of 2FA operation by conducting extensive trainings and awareness to the users and IT support, which will also reduce fear of user pushback, thus increasing its levels of adoption.