73,470 research outputs found

    Implementing two-factor authentication

    Two-factor authentication is a part of modern authentication technologies. It is also called multifactor authentication, or 2FA for short. The traditional one-factor authentication process provides only one factor, typically a password. This is quite easy to hack. Two-factor authentication is based on the assumption that two of the three factors of authentication are used. Satakunta University of Applied Sciences, hereafter SAMK, operates a modern ICT environment. Its administrative portals and management systems need better security. The aim is to find the best possible way to implement a secure two-factor authentication method and bring it into production use in SAMK environments. At a minimum, more complex authentication is needed for administrative systems, but the solution must also be implementable for everyday use by the whole staff, e.g. with VPN. A first pilot environment will be built, and after that the solution can be extended to heavier use. The research type used will be case study research, which is best suited to the needs of the wanted solution. The main beneficiary of this thesis is Satakunta University of Applied Sciences: it will get a modern, secure authentication layer for its systems and documentation of how it will work and how it needs to be published. This is really needed in the SAMK environment, so the benefit for the company will be good. The thesis will cover two-factor authentication methods, their use in on-premises environments, their use in cloud systems, various usage surveys, and the implementation in the SAMK environment.

    A Comparative Usability Study of Two-Factor Authentication

    Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. However, it also introduces non-negligible costs for service providers and requires users to carry out additional actions during the authentication process. In this paper, we present an exploratory comparative study of the usability of 2F technologies. First, we conduct a pre-study interview to identify popular technologies as well as contexts and motivations in which they are used. We then present the results of a quantitative study based on a survey completed by 219 Mechanical Turk users, aiming to measure the usability of three popular 2F solutions: codes generated by security tokens, one-time PINs received via email or SMS, and dedicated smartphone apps (e.g., Google Authenticator). We record contexts and motivations, and study their impact on perceived usability. We find that 2F technologies are overall perceived as usable, regardless of motivation and/or context of use. We also present an exploratory factor analysis, highlighting that three metrics -- ease-of-use, required cognitive efforts, and trustworthiness -- are enough to capture key factors affecting 2F usability. Comment: A preliminary version of this paper appears in USEC 201

    Two-Factor Authentication Vulnerabilities


    Two factor authentication framework based on ethereum blockchain with dApp as token generation system instead of third-party on web application

    Authentication is a method for securing an account by verifying the user's identity, typically by entering an email address with a password. Two-factor authentication is an authentication system that combines first-factor authentication with a second factor. General two-factor authentication is similar in that the user enters an email or username with a password. However, two-factor authentication requires additional information that must be entered by the user. This additional information can take the form of tokens or one-time passwords (OTP). Two-factor authentication generally still uses third-party services to generate the token or OTP, and remains vulnerable because tokens can be stolen through MITM attacks and because generated tokens have been found to have the same value. Therefore, we propose a two-factor authentication framework based on the Ethereum blockchain with a dApp as the token generation system. First, as an outcome of the system analysis, we succeeded in creating a two-factor authentication system without using third parties. Second, the token system generates up to 3164 different tokens in one second and has been tested for collisions. Third, a security method protects the token from MITM attacks: the attacker is unable to gain access because all the checking is done by dApp user authentication.

    Cryptanalysis on Privacy-Aware Two-factor Authentication Protocol for Wireless Sensor Networks

    Das first proposed two-factor authentication combining the smart card and password to resolve the security problems of wireless sensor networks (WSNs). After that, various researchers studied two-factor authentication suitable for WSNs. In user authentication protocols based on the symmetric key approach, a number of elliptic curve cryptography (ECC)-based authentication protocols have been proposed. To resolve the security and efficiency problems of ECC-based two-factor authentication protocols, Jiang et al. proposed a privacy-aware two-factor authentication protocol based on ECC for WSNs. However, this paper performs a vulnerability analysis on Jiang et al.’s authentication protocol and shows that it has security problems, such as a lack of mutual authentication, a risk of SID modification and DoS attacks, a lack of sensor anonymity, and weak ID anonymity