Your search keyword '"Al Maqbali, Fatma"' showing total 2 results

1. Strengthening password-based authentication

Author

Al Maqbali, Fatma

Subjects

Password-based authentication, Password generators, Password recovery, Email-based password recovery

Abstract

Authenticating humans to computers remains problematic despite decades of effort. Password-based authentication remains extremely common, in spite of its widely known shortcomings, and this seems likely to continue. Hence improving the security of password use is a topic of huge practical importance — this observation provides the motivation for the work described in this thesis. We focus in particular on two topics, namely password generators and password recovery. Password generators provide site-specific passwords on demand, facilitating the use of site-specific and complex passwords; they are an alternative to password managers that avoid storing passwords long-term. We proposed a general model for such systems, and critically examine options for instantiating this model, including all those previously proposed. The model has also been used to help design a new scheme, AutoPass, intended to incorporate the best features of the prior art whilst also addressing many of the most serious shortcomings of existing systems through use of novel techniques. AutoPass is specified in detail, and a prototype implementation is described. The prototype has been user-trialled to test its usability and security. Because passwords are very widely used for user authentication, most websites using passwords also implement password recovery to allow users to re-establish a shared secret if the existing value is forgotten; however, use of such a fall-back creates additional vulnerabilities. We present a model for such systems, and use this to analyse existing approaches. This leads naturally to a set of recommendations for system implementation. Many password recovery systems involve sending a special email to the user, e.g. containing a secret link, in which case security will depend on the email being acted upon correctly; unfortunately, such emails are not always well-designed and can introduce vulnerabilities. To understand better this serious practical issue, we surveyed password recovery emails for 50 of the top English language websites and investigated their design, structure and content. We found that many well-known web services, including Facebook, Dropbox, and Microsoft, suffer from recovery email design, structure and content issues. This study enabled us to formulate recommendations for the design of such emails.

Published

2019

2. Navigating antenatal care in Oman : a grounded theory of women's and healthcare professionals' experiences

Author

Al Maqbali, Fatma, Furber, Christine, and Mills, Tracey

Subjects

362.1982, views, perceptions, knowledge, opinions, pregnant women, experiences, low-risk pregnancy, antenatal care, prenatal care, normal pregnancy, anepartum care

Abstract

Background: In Oman, 33.3% of women attended late for publicly funded antenatal care in 2015 and 24% did not attend for the recommended 4-6 visits during their pregnancy. This low attendance suggests a need to explore attendance for antenatal care for low-risk pregnant women in Oman. Methodology: An exploratory qualitative design informed by constructivist grounded theory methodology was used in this research. Methods: In-depth semi-structured interviews were conducted with an initial purposive sample of nine pregnant women. The initial analysis enabled theoretical sampling of thirteen non-participant observations during women's appointments, interviews with ten care providers, and six women who booked late after 12 weeks of gestation. A constructivist grounded theory analytical framework of initial, focused and theoretical coding was followed to analyse all the data collected. Findings: The core category consists of five interrelated sub-categories: perceived benefits and value of antenatal care; timing of the first antenatal visit; woman-carer interactions during antenatal care; experiences with antenatal care delivery; and supplementary use of private healthcare. The integral categories explain the social processes and issues surrounding antenatal care. The emergent core category, Navigating antenatal care, reflects the views of the women and their care providers. The women were unhappy with the organisation and physical environment of care but attended their appointments to ensure optimal pregnancy outcome and to alleviate their fears of developing complications. Thus, they used both private and public healthcare and sourced online information in response to their feelings of obligation to protect their fetus. Conclusion: The women appeared disempowered and to lack control over the care they received. Thus, they accepted conditions such as long waiting times in an uncomfortable environment and the disrespect they encountered during their visits. There was a discrepancy between what the women expected and needed from their antenatal care and the actual care and information they received, which did not satisfy their needs. This could be due to a lack of woman-centred care and limited involvement in the plan of care. Thus, women sought further reassurance by accessing private clinics, using online information, and networking with others, which also resulted in a late booking for public antenatal care.

Published

2018