Bespoke Fallback Authentication Mechanism as an extra layer of Security

Current project

Additional projects can be negotiated with SEIT supervisors who work in a related field.

Click on this link to see a spreadsheet containing a list of supervisors in SEIT and their respective research areas. Please contact the supervisors directly to negotiate a project.

We also offer research projects for Masters by Research and Master of Philosophy degrees.

All admission enquiries for SEIT research degree students (e.g. PhD, Masters, MPhil) can be directed to:

Program Code: 1885

Description of work:

The Australian Centre for Cyber Security (ACCS) is a world-class, internationally recognised interdisciplinary research and teaching centre, specialising in a broad range of areas in cyber security. ACCS is seeking prospective PhD students who are interested in undertaking a newly available research project to design a bespoke fallback authentication mechanism as an extra layer of security.

This project investigates how one can design and develop a bespoke fallback authentication mechanism as an extra layer of security. Security questions (a.k.a. "personal knowledge questions", "secret questions" or "challenge questions", among other names) have been designed to provide an extra layer of security and to verify the identity of the person requesting access to her account. Despite the pervasiveness of security questions among many online services, far less attention has been paid to their security and usability.

Alternate email accounts and SMS-based account recovery mechanisms are already in use by some online services to authenticate users who have forgotten their passwords. However, these mechanisms can undermine security at times: an email address may expire due to changes in affiliation (job, organisation, institution, school or Internet Service Provider), and the SMS mechanism fails if the user does not have access to their mobile telephone. In addition, mobile telephones are not only prone to being lost or stolen but are also frequently shared among family and peers.

Applicants of exceptional research potential can apply for Scholarships from the University of New South Wales. Further information regarding the available Scholarships and how to apply is available at:


Prospective candidates will have a Bachelor’s (First Class with Honours) or Master’s degree (with Distinction) in Computer Science, Cyber Security or Human Computer Interaction (HCI) and a strong passion for studying human factors in cyber security.

Good programming skills (such as rapid prototyping using programming tools, for example, Java, Android SDK, JavaScript or PHP) are mandatory and previous coding experience is a plus. Applicants who have hands-on experience and skill in HCI design, rapid prototyping and evaluation approaches are certainly welcome to apply.

Prospective candidates can forward their CV including GPA and discuss the particular projects or application process with Nalin Asanka.

Dr Nalin Asanka Gamagedara Arachchilage is a Lecturer in Cyber Security at the Australian Centre for Cyber Security (ACCS) at the University of New South Wales (UNSW Canberra at the Australian Defence Force Academy). He holds a PhD in Usable Security from Brunel University London, UK, where he developed a game design framework to protect computer users against “phishing attacks”. His research is interdisciplinary in nature, and he has published numerous articles at reputed international conferences and in journals. Apart from his academic career, Nalin has also worked in a number of software engineering roles, including Programmer, Software Engineer and IT Manager.


Dr Nalin Asanka Gamagedara Arachchilage