Multi-Factor Authentication for Improved Enterprise Resource Planning Systems Security

Full Text (PDF, 626KB), PP.42-54

Views: 0 Downloads: 0


Carolyne Kimani 1,* James I. Obuhuma 2 Emily Roche 3

1. Africa Nazarene University, Nairobi, Kenya

2. Department of Computer Science, Maseno University, Private Bag, Maseno, Kenya

3. Department of Computer & Information Technology, Africa Nazarene University, Nairobi, Kenya

* Corresponding author.


Received: 16 Oct. 2022 / Revised: 25 Nov. 2022 / Accepted: 11 Feb. 2023 / Published: 8 Jun. 2023

Index Terms

Authentication, Enterprise Resource Planning System, ERP System Security, Multi-Factor Authentication, System Security


Universities across the globe have increasingly adopted Enterprise Resource Planning (ERP) systems, a software that provides integrated management of processes and transactions in real-time. These systems contain lots of information hence require secure authentication. Authentication in this case refers to the process of verifying an entity’s or device’s identity, to allow them access to specific resources upon request. However, there have been security and privacy concerns around ERP systems, where only the traditional authentication method of a username and password is commonly used. A password-based authentication approach has weaknesses that can be easily compromised. Cyber-attacks to access these ERP systems have become common to institutions of higher learning and cannot be underestimated as they evolve with emerging technologies. Some universities worldwide have been victims of cyber-attacks which targeted authentication vulnerabilities resulting in damages to the institutions reputations and credibilities. Thus, this research aimed at establishing authentication methods used for ERPs in Kenyan universities, their vulnerabilities, and proposing a solution to improve on ERP system authentication. The study aimed at developing and validating a multi-factor authentication prototype to improve ERP systems security. Multi-factor authentication which combines several authentication factors such as: something the user has, knows, or is, is a new state-of-the-art technology that is being adopted to strengthen systems’ authentication security. This research used an exploratory sequential design that involved a survey of chartered Kenyan Universities, where questionnaires were used to collect data that was later analyzed using descriptive and inferential statistics. Stratified, random and purposive sampling techniques were used to establish the sample size and the target group. The dependent variable for the study was limited to security rating with respect to realization of confidentiality, integrity, availability, and usability while the independent variables were limited to adequacy of security, authentication mechanisms, infrastructure, information security policies, vulnerabilities, and user training. Correlation and regression analysis established vulnerabilities, information security policies, and user training to be having a higher impact on system security. The three variables hence acted as the basis for the proposed multi-factor authentication framework for improve ERP systems security.

Cite This Paper

Carolyne Kimani, James I. Obuhuma, Emily Roche, "Multi-Factor Authentication for Improved Enterprise Resource Planning Systems Security", International Journal of Information Technology and Computer Science(IJITCS), Vol.15, No.3, pp.42-54, 2023. DOI:10.5815/ijitcs.2023.03.04


[1]Bett, A. K. (2018). “Challenges and Prospects of Enterprise Resource Planning (ERP) Systems in the Newly Chartered Public Universities in Kenya.” International Journal of Scientific Research and Management (IJSRM), 06(02). “doi:10.18535/ijsrm/v6i2.em01”
[2]Ziani, D., & Al-muwayshir, R. (2017). “Improving Privacy and Security in Multi-Tenant Cloud ERP Systems.” 8(5), 1–15. “doi:10.5121/acij.2017.8501”
[3]First Identity Online Alliance. (2019). “The-State-of-Strong-Authentication-2019” Report.
[4]Serianu. (2020). “Africa Cyber Security Report” 2019/2020. 1–104.
[5]Mayieka, J. M. (2019). “Emerging Issues in Cyber Security for Institutions of Higher Education.” International Journal of Computer Science and Network, 8(4).
[6]Alhakami, H., & Alhrbi, S. (2020). “Knowledge-Based Authentication Techniques and challenges.” International Journal of Advanced Computer Science and Applications, 11(2), 727–732.
[7]Obuhuma, J., & Zivuku, S. (2020). “Social Engineering Based Cyber-Attacks in Kenya”. 2020 IST-Africa Conference, IST-Africa 2020, 1–9.
[8]Akif, O. Z. (2017). “Secure Authentication Procedures Based on Timed Passwords, Honeypots, Honeywords and Multi-Factor Techniques.”
[9]Velasquez, I., Caro, A., & Rodiruez, A. (2019). “Multifactor Authentication Methods: A Framework for Their Comparison and Selection.” InTech Open Computer Network and Security.” doi:10.5772/intechopen.89876
[10]Ting, D. M. T., Hussain, O., & LaRoche, G. (2016). “Systems and Methods for Multi-Factor Authentication” (Patent No. US 9,118,656 B2).
[11]Ntonja, K. G., Muketha, G. M., & Kamau, G. N. (2020). “Cloud Data Privacy Preserving Model for Health Information Systems Based on Multi Factor Authentication.” International Journal of Recent Technology and Engineering (IJRTE), 3, 360–367. doi:10.35940/ijrte.C4458.099320
[12]Odera, S. (2016). “Integrating Passphrases as an Authentication Mechanism in E-Commerce.”, United States International University, Kenya, 2016.
[13]Chetalam, L. (2018). “Enhacing Security of M-Pesa Transactions by use of Voice Biometrics.” United States International University, Kenya, 2018.
[14]Alushula, P. (2021). “NHIF goes for Fingerprint Identity in War on Fraud.”
[15]Njoroge, P. M., Ogalo, J., & Ratemo, C. M. (2019). “A Framework for Effective Information Security Risk Management in Kenyan Public Universities.” International Journal of Social Sciences and Information Technology, October, 1–19.
[16]Miessler, D. (2021).”The Consumer Authentication Strength Maturity Model (CASMM) v5.”