Phase 2

Abdirahman Ismail
BAS–490
Professor Calvin
10/30/2023
 Methodology

Participants

People who are likely to be targeted by phishing attempts are the ones who will participate in this

study. Participant selection will include looking for people who meet the following criteria: are

at least 18 years old; have familiarity with online activities (such as email, social media, or

online banking); and are willing to take part in the research. In order to get a full picture of how

well multi-factor authentication (MFA) works in different user scenarios, we'll be recruiting

people from a wide variety of ages, gender identities, educational backgrounds, and degrees of

online experience. The participants for this research will be selected based on specific criteria to

ensure that they represent a diverse and relevant sample. Inclusion criteria include:

I. Age

Participants must be 18 years or older, as this age group is more likely to have significant online

activity.

II. Online Experience

Participants should have a history of using online platforms, including email, social media,

online banking, and online shopping.

III. Consent

Participants are required to provide informed permission in order to take part in the research. The

will be selected to represent a wide variety of ages, sexes, educational attainment levels, and

professional fields in order to provide a representative sample. This variety is essential for testing

the efficacy of MFA in a wide range of user scenarios (Sun et al., 2023).
Study Design

Mixed-methods research, which incorporates both qualitative and quantitative approaches, will

be used in this investigation. The research will include two parts: a preliminary survey and a

subsequent interview (Gerholz et al., 2020). Mixed-methods research, including qualitative and

quantitative techniques, will be used for this study.

a) Survey Phase

During this stage, a quantitative methodology will be used to gather data from a substantial

number of individuals. This survey aims to gather valuable information into participants'

experiences, opinions, and actions pertaining to online security and MFA (Zhang & Cai, 2018).

b) Interview Phase

After conducting the survey, a specific group of participants will be chosen for further

interviews. The objective of this qualitative method is to get a more profound comprehension of

the intricacies of MFA use and its influence on users' perceptions of security.

c) Procedure-Recruitment

Recruitment of participants will be conducted via many online channels, such as social media

platforms, forums, and cybersecurity groups. Recruitment ads will provide comprehensive

information on the study's objectives and prerequisites. Prior to enrolling in the research,

informed consent forms will be sent to interested participants, who will also be given the chance

to inquire about any concerns or uncertainties they may have.

Data Collection

During the survey phase of this study, we will use an online survey as our main approach for

collecting data. The survey instrument will be meticulously crafted to gather a diverse array of

information that is pertinent to the study's aims. The following information provides an

overview of this phase.

I. Survey Phase

In the survey phase of this research, we will employ an online survey as our primary data

collection method. The survey instrument will be carefully designed to capture a wide range of

information relevant to the study's objectives. The following details outline this phase:

I. Survey Design

The survey will have a blend of closed-ended and open-ended questions. Closed-ended

questions facilitate the collection of quantitative data, enabling the acquisition of organized

replies that may be readily examined. The questions will cover many areas, including online

conduct, frequency of online activity, encounters with phishing assaults, and knowledge of

Multi-Factor Authentication (MFA).

II. Data Administration

The survey will be conducted using proven online survey platforms that provide a user-friendly

interface for participants to complete the questionnaire. These platforms not only simplify the

process of collecting data but also guarantee the security and confidentiality of participants'

information (Hwang et al., 2021).

III. Informed Consent

Participants will get a clear and succinct elucidation of the survey's objective, the voluntary

aspect of their involvement, and data confidentiality. Prior to proceeding with the survey, each

participant will be required to provide informed consent.

IV. Data Collection Period

The survey will be available for a defined duration, usually lasting several weeks, in order to

accommodate a wide and varied variety of participants.

II. Interview Phase

The interview phase is a crucial component of this research, designed to provide deeper insights

into participants' experiences, perceptions, and challenges related to Multi-Factor Authentication

(MFA) and phishing attacks. This phase will be conducted as follows:

Sampling Strategy

We will use a purposive sample technique to choose the interview participants. This

methodology enables deliberate selection of participants who possess certain traits or

experiences that are in line with the aims of the research. Participants will be selected based on

their expertise in MFA or their past experiences with phishing attempts.

Interview Protocol

Selected individuals will be interviewed using semi-structured questions. Open-ended questions

and other interviewing aids will be crafted into a comprehensive process. Questions will range

from specifics on phishing attempts to participants' experiences with multi-factor authentication

to their thoughts on the benefits and drawbacks of this security measure.

Data Collection Platform

Video conferencing services will be used to conduct interviews, providing real-time

communication while allowing interviewees to remain in their own homes or offices if they like.

Participants may respond to inquiries and give answers in more depth thanks to the adaptability

of video conferencing.

Informed Consent

Prior to the interview, participants will be provided with informed consent information,

including details about the interview process, data usage, and their rights as research subjects.

Consent will be obtained from each participant before the interview commences.

Data Analysis

I. Survey Data

Quantitative data from the survey will be analyzed using statistical software. Descriptive

statistics and inferential statistics (e.g., regression analysis) will be used to identify patterns and

relationships between variables.

II. Interview Data

Qualitative data from the interviews will be transcribed and subjected to thematic analysis.

Themes and patterns related to participants' experiences and perceptions of MFA will be

identified.

Ethical Considerations

a) Informed Consent
 Prior to participation in the research, all individuals will be required to give informed

permission. The participants will get detailed information on the study's objectives, methods of

data collecting, and their entitlements.

b) Anonymity

Participants' identities will be protected, and data will be anonymized to ensure confidentiality.

c) Privacy

The gathered data will be kept securely and will only be available to the study team.

d) Voluntary Participation

It will be made clear to participants that they are free to withdraw from participation in the study

at any point and will not be subject to any penalties as a result of doing so.

Measures

I. Survey

The survey will have a combination of closed-ended and open-ended questions. The close-

ended questions will address subjects such as online conduct, use of MFA, and encounters with

phishing. Utilizing open-ended questions will enable participants to provide more

comprehensive and elaborate insights into their experiences.

II. Interviews

The semi-structured interviews will be conducted according to a predetermined interview

methodology. Typical questions may include asking about particular instances of phishing, the
methods participants use for multi-factor authentication (MFA), and their opinions on the

advantages and disadvantages of MFA.

III. Limitations

Possible constraints include the dependence on data given by individuals themselves, the extent

to which the sample accurately represents the population, and the possibility for bias resulting

from the technique of online recruitment.

Reference:

Ali, G., Dida, M. A., & Elikana Sam, A. (2021, November 25). A Secure and Efficient Multi-
Factor Authentication Algorithm for Mobile Money Applications. Future Internet,
13(12), 299. https://doi.org/10.3390/fi13120299

Carrillo-Torres, D., Pérez-Díaz, J. A., Cantoral-Ceballos, J. A., & Vargas-Rosales, C. (2023,

January 20). A Novel Multi-Factor Authentication Algorithm Based on Image
Recognition and User Established Relations. Applied Sciences, 13(3), 1374.
https://doi.org/10.3390/app13031374

Ashibani, Y., & Mahmoud, Q. H. (2020). A Multi-Feature User Authentication Model Based on
Mobile App Interactions. IEEE Access, 8, 96322–96339.
https://doi.org/10.1109/access.2020.2996233

Ometov, A., Bezzateev, S., Mäkitalo, N., Andreev, S., Mikkonen, T., & Koucheryavy, Y. (2018,
January 5). Multi-Factor Authentication: A Survey. Cryptography, 2(1), 1.
https://doi.org/10.3390/cryptography2010001

Purkait, S. (2012, November 23). Phishing counter measures and their effectiveness – literature
review. Information Management & Computer Security, 20(5), 382–420.
https://doi.org/10.1108/09685221211286548

Sajjad, M., Khan, S., Hussain, T., Muhammad, K., Sangaiah, A. K., Castiglione, A., Esposito, C.,
& Baik, S. W. (2019, September). CNN-based anti-spoofing two-tier multi-factor
 authentication system. Pattern Recognition Letters, 126, 123–131.
https://doi.org/10.1016/j.patrec.2018.02.015

Sajjad, M., Khan, S., Hussain, T., Muhammad, K., Sangaiah, A. K., Castiglione, A., Esposito, C.,
& Baik, S. W. (2019, September). CNN-based anti-spoofing two-tier multi-factor
authentication system. Pattern Recognition Letters, 126, 123–131.
https://doi.org/10.1016/j.patrec.2018.02.015

Sun, J., Lenz, D., Yu, H., & Peterka, T. (2023, October 10). MFA-DVR: direct volume rendering
of MFA models. Journal of Visualization. https://doi.org/10.1007/s12650-023-00946-y

Gerholz, K. H., Ciolek, S., & Wagner, A. C. (2020, September 30). Digital design of design
processes – A case study of a design research study in vocational education. EDeR.
Educational Design Research, 4(1). https://doi.org/10.15460/eder.4.1.1452

Zhang, X., & Cai, W. (2018, October 6). BDS four frequency carrier phase combination models
and their characteristics. Survey Review, 52(371), 97–106.
https://doi.org/10.1080/00396265.2018.1527088

Hwang, S., Nam, T., & Ha, H. (2021, July 3). From evidence-based policy making to data-driven
administration: proposing the data vs. value framework. International Review of Public
Administration, 26(3), 291–307. https://doi.org/10.1080/12294659.2021.1974176

Gill, G., & Jones, J. (2016). MULTI-FACTOR AUTHENTICATION AT JAGGED PEAK.

Journal of Information Technology Education: Discussion Cases, 5, 05.
https://doi.org/10.28945/3597

Cassidy, J., & Manor, I. (2016, May 26). Crafting strategic MFA communication policies during
times of political crisis: a note to MFA policy makers. Global Affairs, 2(3), 331–343.
https://doi.org/10.1080/23340460.2016.1239377

Libicki, M. C. (2011, January 1). Influences on the Adoption of Multifactor Authentication.

RAND Corporation.