Development of Two-factor Authentication Login System Using Dynamic Password with SMS Verification
Автор: Abimbola Rhoda Iyanda, Mayokun Ebenezer Fasasi
Журнал: International Journal of Education and Management Engineering @ijeme
Статья в выпуске: 3 vol.12, 2022 года.
Бесплатный доступ
Two-factor authentication is a method of security that adds an extra layer of protection by requiring users to have two different authentication factors to verify identity. In recent years, institutions and organizations have become more concerned with the security aspects of their networks and systems, and one of these aspects is ensuring that the individual seeking access to the system is who he claims to be. With the advancement in technology and science over time, it has been seen that the safety and security of sensitive information or data transferred over the internet from one network to another has become increasingly relevant. The reliance on access to login accounts and the use of static passwords makes it easy for hackers, identity thieves, and fraudsters to gain access. Therefore, there is a need to find solutions to overcome the weaknesses to provide a more secure environment, hence, adding another step of authentication to individual identity makes it more difficult for an attacker to gain access to personal data. The proposed system generates dynamic password (OTP), which helps to add another level of security to the system against Dictionary attack, Brute-force attack especially Perfect-Man-In-The-Middle attack. The project used the Obafemi Awolowo University (OAU) e-portal login system as a case study. The system was implemented using the MySQL, CSS, HTML and PHP programming language and evaluated using reliability, effectiveness, efficiency, usability, expediency, and satisfactoriness as metrics. A questionnaire was formulated using a rating scale of 1 - 5, with 1 representing extremely poor and 5 representing excellent. The questionnaire was given to twenty (20) randomly selected students of OAU. The average score was determined and all the metrics scored higher than 4.0, which signifies a good rating. The system developed is a useful starting point for future development in security applications that require two-factor authentication. The result show that with the developed system, it can be assured that all logins are legitimate and that users are safe by verifying that the individual seeking access to the system is who he claims to be. A more user-friendly GUI is planned for the future and expanding the OTP algorithm such that password can be generated based on different cryptographic functions.
Two-factor Authentication, Dynamic Password, Verification, Records, Information, Attacks
Короткий адрес: https://sciup.org/15018408
IDR: 15018408 | DOI: 10.5815/ijeme.2022.03.02
Список литературы Development of Two-factor Authentication Login System Using Dynamic Password with SMS Verification
- Maayan, G. D. (2020). 5 User Authentication Methods that Can Prevent the Next Breach. https://www.idrnd.ai/5-authentication-methods-that-can-prevent-the-next-breach/. Visited: March 2022
- Dhamija, R., & Perrig, A. (2000). Deja {Vu--A} User Study: Using Images for Authentication. In 9th USENIX Security Symposium (USENIX Security 00).
- Stein, A. (2022). “What Is Password Hacking?”, http://itstillworks.com/password-hacking-7273695.html. Visited: March 2022
- Jacob, J., Jha, K., Kotak, P., & Puthran, S. (2015, October). Mobile attendance using near field communication and one-time password. In 2015 International Conference on Green Computing and Internet of Things (ICGCIoT) (pp. 1298-1303). IEEE.
- Beal, V. (2021). “Cryptography”, https://www.webopedia.com/definitions/cryptography/. Visited: March 2022
- Al-Hazaimeh, O. M. A. (2013). A new approach for complex encrypting and decrypting data. International Journal of Computer Networks & Communications, 5(2), 95.
- Thitme, S., & Verma, V. K. (2016). A recent study of various encryption and decryption techniques. International Research Journal of Advanced Engineering and Science, 1(3), 92-94
- Loshin, P. and Cobb, M Techtarget. [Online] (2022). Encryption”. https://www.techtarget.com/searchsecurity/definition/encryption. Visited March, 2022
- Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
- Techtarget (2021). Authorization. https://www.techtarget.com/searchsoftwarequality/definition/authorization. Visited: December 2021.
- Jorstad, I., & Jonvik, T. (2009, October). Strong authentication with mobile phone as security token. In 2009 IEEE 6th International Conference on Mobile Adhoc and Sensor Systems (pp. 777-782). IEEE.
- Wallen, J. (2020). “What is Two Factor Authentication”, https://www.lifewire.com/how-to-use-two-factor-authentication-4686242. Visited: March 2022
- Yıldırım, N., & Varol, A. (2015). Android based mobile application development for web login authentication using fingerprint recognition feature. In 2015 23nd Signal Processing and Communications Applications Conference (SIU) (pp. 2662-2665). IEEE.”.
- Eminagaoglu, M., Cini, E., Sert, G., & Zor, D. (2014, September). A two-factor authentication system with QR codes for web and mobile applications. In 2014 Fifth International Conference on Emerging Security Technologies (pp. 105-112). IEEE.
- Sathya T.N, Indu S, and Saravana Kumar V. (2013). “a stand-alone and sms-based approach for authentication using mobile phone”, IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.
- Kalaikavitha, E., & Gnanaselvi, J. (2013). Secure login using encrypted one time password (OTP) and mobile based login methodology. International Journal of Engineering and Science, 2(10), 14-17.
- Quadry, K. M., Govardhan, A., & Misbahuddin, M. (2021). Design, Analysis, and Implementation of a Two-factor Authentication Scheme using Graphical Password. International Journal of Computer Network & Information Security, 13(3).