
Submitted by-

Jitender
21614
AUTHENTICATION
• Authentication is the process of verifying the identity of a user.

• The most common technique to authenticate a user is to use a username and password.
AUTHENTICATION FACTORS
• Something you know.

• Something you have.

• Something you are.


Two Factor Authentication
It is an approach to authentication which
requires the presentation of two different
kinds of evidence that someone is who
they say they are.
Need for 2FA
• Social engineering
• Phishing
• Brute force attack
• Shoulder Surfing
• Keystroke logging
• Dictionary attacks
2FA Using Mobile Tokens
• It is about “something you are” or “something about your
behaviour”.

• It makes use of:

➢ Application installed on the user's mobile
➢ IMEI
➢ Time stamp
➢ Seed

• The Time-based One-Time Password (TOTP) algorithm is used.


OTP Generation:
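Added example (not part of the original slides): a TOTP generator and server-side check following RFC 6238, using the seed, IMEI and time stamp listed above. How the seed and IMEI are combined is an assumption (derive_key is a hypothetical helper), and the IMEI values are constructed samples.

```python
import hashlib
import hmac
import struct

def derive_key(seed: bytes, imei: str) -> bytes:
    # Assumption: bind the shared seed to one handset with HMAC(seed, IMEI).
    # The slides list both inputs but do not say how they are combined.
    return hmac.new(seed, imei.encode("ascii"), hashlib.sha1).digest()

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    # RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    # then dynamic truncation to a 31-bit integer.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    # RFC 6238: the counter is the number of whole time steps since the epoch.
    return hotp(key, timestamp // step, digits)

def verify(candidate: str, key: bytes, now: int, step: int = 30,
           digits: int = 6, window: int = 1) -> bool:
    # Accept codes from +/- `window` steps to tolerate clock drift.
    # Every step is compared in constant time, with no early exit.
    current = now // step
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(key, counter, digits).encode()
        ok |= hmac.compare_digest(expected, candidate.encode())
    return ok

if __name__ == "__main__":
    seed = b"12345678901234567890"              # constructed sample seed
    key = derive_key(seed, "490154203237518")   # constructed sample IMEI
    now = 1111111109                            # fixed time stamp for the demo
    code = totp(key, now)
    print("OTP:", code)
    print("accepted one step later:", verify(code, key, now + 30))
    print("accepted ten minutes later:", verify(code, key, now + 600))
```

A code stays valid for the whole acceptance window, so a server should also reject a code it has already accepted once.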
BENEFITS :

➢ A relatively cheaper and flexible means of OTP.

➢ Users just need to carry their mobiles with them; no extra device is needed.

THREATS :

➢ Still vulnerable to active attacks.

➢ Man-in-the-middle attacks.


Conclusion & Recommendation
• Users should check and make sure the website has https in the URL, so that the password is encrypted during transmission.

• The OTP and PIN should be hashed before sending.

• Mutual authentication should be established between the client and server before the session starts, to assure the user that the server can be trusted.

• Use a split-key technique for authentication.
