Adaptive Multi-Factor Authentication With Federated and Temporal Learning: A Survey
Online First: 08/05/2026
Corressponding author's email:
2591309@student.hcmute.edu.vnDOI:
https://doi.org/10.54644/jte.2026.2075Keywords:
Adaptive Multi-Factor Authentication (Adaptive MFA), Federated Learning, Temporal Graph Learning, Authentication Security, Risk-Based AuthenticationAbstract
Multi-Factor Authentication (MFA) has become a fundamental security mechanism for protecting modern information systems against credential-based attacks. While empirical studies have demonstrated that MFA significantly reduces account compromise, most deployed solutions rely on static authentication policies that introduce unnecessary user friction and remain vulnerable to advanced attacks such as phishing proxies and MFA fatigue. To address these limitations, adaptive and risk-based authentication mechanisms have been proposed, but they commonly depend on centralized data collection and centralized machine learning, raising serious concerns regarding privacy, scalability, and regulatory compliance. This survey provides a comprehensive review of adaptive MFA systems with a particular focus on Federated Learning (FL) as a privacy-preserving alternative to centralized authentication models. This survey presents a structured taxonomy of authentication frameworks based on authentication strategy, learning paradigm, and data modality, and systematically analyze existing FL-based risk-based authentication approaches. Furthermore, the survey highlights the importance of modeling authentication behavior as temporal and relational data and discuss how federated temporal graph learning can enable expressive yet privacy-aware authentication. Finally, this paper reviews commonly used datasets and evaluation practices and identify key open challenges and future research directions. This survey aims to serve as a reference and roadmap for researchers and practitioners designing next-generation adaptive and privacy-preserving authentication systems.
Downloads: 0
References
J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano, “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes,” in 2012 IEEE Symposium on Security and Privacy, May 2012, pp. 553–567. doi: 10.1109/SP.2012.44. DOI: https://doi.org/10.1109/SP.2012.44
S. Rose, O. Borchert, S. Mitchell, and S. Connelly, “Zero Trust Architecture,” National Institute of Standards and Technology, Aug. 2020. doi: 10.6028/NIST.SP.800-207. DOI: https://doi.org/10.6028/NIST.SP.800-207-draft2
H. Ramcharan, “The Effective Integration of Multi-Factor Authentication (MFA) with Zero Trust Security,” Open Access Am. J. Math. Comput. Model., vol. 10, no. 1, pp. 1–5, 2025, doi: 10.11648/j.ajmcm.20251001.11. DOI: https://doi.org/10.11648/j.ajmcm.20251001.11
H. B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-Efficient Learning of Deep Networks from Decentralized Data,” Jan. 26, 2023, arXiv: arXiv:1602.05629, doi: 10.48550/arXiv.1602.05629.
M. Syahreen, N. Hafizah, N. Maarop, and M. Maslinan, “A Systematic Review on Multi-Factor Authentication Framework,” Int. J. Adv. Comput. Sci. Appl., vol. 15, no. 5, 2024, doi: 10.14569/IJACSA.2024.01505105. DOI: https://doi.org/10.14569/IJACSA.2024.01505105
S. P. Pote and G. C. Shinde, "A Survey on Adaptive Multi-factor Authentication using Machine Learning," International Journal of Advanced Research in Science, Communication and Technology (IJARSCT), vol. 2, no. 9, pp. 118-121, May 2022, doi: 10.48175/IJARSCT-3977.
A. K. Wee, E. G. Chekole, and J. Zhou, “Excavating Vulnerabilities Lurking in Multi-Factor Authentication Protocols: A Systematic Security Analysis,” ACM Comput. Surv., vol. 57, no. 11, pp. 1–37, Nov. 2025, doi: 10.1145/3734864. DOI: https://doi.org/10.1145/3734864
S. Wiefling, L. L. Iacono, and M. Dürmuth, “Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild,” vol. 562, 2019, pp. 134–148, doi: 10.1007/978-3-030-22312-0_10. DOI: https://doi.org/10.1007/978-3-030-22312-0_10
T. Suleski, M. Ahmed, W. Yang, and E. Wang, “A review of multi-factor authentication in the Internet of Healthcare Things,” Digit. Health, vol. 9, p. 20552076231177144, Jan. 2023, doi: 10.1177/20552076231177144. DOI: https://doi.org/10.1177/20552076231177144
H. Fereidouni, A. S. Hafid, D. Makrakis, and Y. Baseri, “F-RBA: A Federated Learning-based Framework for Risk-based Authentication,” Dec. 16, 2024, arXiv: arXiv:2412.12324, doi: 10.48550/arXiv.2412.12324.
Y. Baseri, A. S. Hafid, D. Makrakis, and H. Fereidouni, “Privacy-Preserving Federated Learning Framework for Risk-Based Adaptive Authentication,” Sep. 19, 2025, arXiv: arXiv:2508.18453, doi: 10.48550/arXiv.2508.18453.
N. Tran, P. Ta, H. Nguyen, H. D. Nguyen, and A.-C. Le, “Hybrid contextual and sentiment-based machine learning model for identifying depression risk in social media,” Expert Syst. Appl., vol. 291, Art. no. 128505, 2025, doi: 10.1016/j.eswa.2025.128505. DOI: https://doi.org/10.1016/j.eswa.2025.128505
H. D. Nguyen and C. Sakama, “Feature Learning by Least Generalization,” in Inductive Logic Programming, Lecture Notes in Computer Science, pp. 193–202, Feb. 2022, doi: 10.1007/978-3-030-97454-1_14. DOI: https://doi.org/10.1007/978-3-030-97454-1_14
L. V. Thinh, " Journal of Science and Technology on Information Security, vol. 24, no. 1, 2025. Federated Trust-Based Authentication for Secure Mobile Cloud Access," doi: 10.54654/isj.v1i24.1113 DOI: https://doi.org/10.54654/isj.v1i24.1113
A. Badhib, S. Alshehri, and A. Cherif, “IoT Authentication in Federated Learning: Methods, Challenges, and Future Directions,” Sensors, vol. 25, no. 24, Art. no. 7619, 2025, doi: 10.3390/s25247619. DOI: https://doi.org/10.3390/s25247619
L. A. Meyer, S. Romero, G. Bertoli, T. Burt, A. Weinert, and J. L. Ferres, “How effective is multifactor authentication at deterring cyberattacks?” May 01, 2023, arXiv: arXiv:2305.00945, doi: 10.48550/arXiv.2305.00945.
B. D. Deebak and S. O. Hwang, “Federated Learning-Based Lightweight Two-Factor Authentication Framework with Privacy Preservation for Mobile Sink in the Social IoMT,” Electronics, vol. 12, no. 5, Art. no. 1250, 2023, doi: 10.3390/electronics12051250. DOI: https://doi.org/10.3390/electronics12051250
R. Aziz et al., “Exploring Homomorphic Encryption and Differential Privacy Techniques towards Secure Federated Learning Paradigm,” Future Internet, vol. 15, no. 9, Sep. 2023, doi: 10.3390/fi15090310. DOI: https://doi.org/10.3390/fi15090310
R. Veiga, C. B. Both, I. Medeiros, D. Rosário, and E. Cerqueira, “A Federated Learning Approach for Authentication and User Identification Based on Behavioral Biometrics,” in Proc. 41st Brazilian Symp. Comput. Netw. Distrib. Syst. (SBRC), 2023, pp. 15–28, doi: 10.5753/sbrc.2023.536. DOI: https://doi.org/10.5753/sbrc.2023.536
X. Li, Y. Li, H. Wan, and C. Wang, “Enhancing Byzantine robustness of federated learning via tripartite adaptive authentication,” Journal of Big Data, vol. 12, Art. no. 121, 2025, doi: 10.1186/s40537-025-01165-y. DOI: https://doi.org/10.1186/s40537-025-01165-y
M. I. Kamba and A. Dauda, “The Role of Multi-Factor Authentication (MFA) in Preventing Cyber Attacks,” Int. J. Res. Publ. Rev., vol. 6, no. 7, pp. 445–448, Jul. 2025.
T. Le Vinh, H. Thien Tran, H. Trang Phan, and S. Bouzefrane, “Federated Learning-Based Trust Evaluation With Fuzzy Logic for Privacy and Robustness in Fog Computing,” IEEE Access, vol. 13, pp. 137952–137972, 2025, doi: 10.1109/ACCESS.2025.3596093.
Y. Zhang, D. Zeng, J. Luo, Z. Xu, and I. King, “A survey of trustworthy federated learning with perspectives on security, robustness, and privacy,” arXiv preprint arXiv:2302.10637, 2023, doi: 10.48550/arXiv.2302.10637. DOI: https://doi.org/10.1145/3543873.3587681
H. U. Manzoor, A. Shabbir, A. Chen, D. Flynn, and A. Zoha, “A Survey of Security Strategies in Federated Learning: Defending Models, Data, and Privacy,” Future Internet, vol. 16, no. 10, 374, 2024, doi: 10.3390/fi16100374. DOI: https://doi.org/10.3390/fi16100374
E. Rossi, B. Chamberlain, F. Frasca, D. Eynard, F. Monti, and M. Bronstein, “Temporal Graph Networks for Deep Learning on Dynamic Graphs,” Oct. 09, 2020, arXiv: arXiv:2006.10637, doi: 10.48550/arXiv.2006.10637.
Y. Liu, X. Wang, and J. Zhang, “LAFED: A Lightweight Authentication Mechanism for Blockchain-Enabled Federated Learning System,” Future Generation Computer Systems, vol. 139, pp. 346–357, Jan. 2023, doi: 10.1016/j.future.2023.01.015. DOI: https://doi.org/10.1016/j.future.2023.01.015
T. Ashraf, M. M. Peerzada, M. Abdar, Y. Xie, Y. Zhou, X. Liu, I. A. Gillani, and J. Bashir, “ATR-Bench: A Federated Learning Benchmark for Adaptation, Trust, and Reasoning,” arXiv:2505.16850, 2025, doi: 10.48550/arXiv.2505.16850.
A. D. Kent, “Comprehensive, Multi-Source Cybersecurity Events.” 2015, doi: 10.17021/1179829.
J. Ji, S. Qiu, S. Ye, and X. Liu, “A Hybrid Federated–Incremental Learning Framework for Continuous Authentication in Zero-Trust Networks,” Future Internet, vol. 18, no. 3, Art. no. 154, 2026, doi: 10.3390/fi18030154. DOI: https://doi.org/10.3390/fi18030154
T. L. Vinh, H. T. Tran, H. T. Phan, and S. Le, “Federated learning-based trust evaluation with fuzzy logic for privacy and robustness in fog computing,” IEEE Access, vol. 13, pp. 137952–137972, 2025, doi: 10.1109/ACCESS.2025.3596093. DOI: https://doi.org/10.1109/ACCESS.2025.3596093
X. Ma, F. Fang, and X. Wang, “Dynamic authentication and granularized authorization with a cross-domain zero trust architecture for federated learning in large-scale IoT networks,” arXiv preprint arXiv:2501.03601 [cs.NI], 2025, doi: 10.48550/arXiv.2501.03601. DOI: https://doi.org/10.1109/TNSE.2025.3650377
Downloads
Published
How to Cite
Issue
Section
Categories
License
Copyright (c) 2026 Journal of Technical Education Science
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright © JTE.
