Two-factor authentication (2FA) provides an additional layer of security beyond just a username and password. It requires two separate pieces of evidence to verify a user's identity. This document discusses 2FA using mobile tokens, where the second factor of authentication is something unique to the user's mobile device, like its IMEI number or a time-based one-time password generated by an app. While more secure than single-factor authentication, 2FA via mobile is still vulnerable to man-in-the-middle attacks. The document recommends establishing mutual authentication between client and server and hashing passwords and OTPs for added security when using 2FA.
Jitender 21614

AUTHENTICATION
• Authentication is the process of verifying the identity of a user.
• The most common technique to authenticate a user is a username and password.

AUTHENTICATION FACTORS
• Something you know (a password or PIN).
• Something you have (a hardware token or a phone).
• Something you are (a biometric).

Two Factor Authentication
It is an approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are.

Need of 2FA
• Social engineering
• Phishing
• Brute force attacks
• Shoulder surfing
• Keystroke logging
• Dictionary attacks

2FA Using Mobile Tokens
• A mobile token is a "something you have" factor: the second proof is possession of the phone that holds the seed, not a biometric or behavioural trait.
• It makes use of:
  - an application installed on the user's mobile
  - the IMEI
  - a time stamp
  - a seed (a secret shared between the app and the server)
• The Time-based One-Time Password (TOTP) algorithm is used to turn the seed and the current time into a short-lived code.
OTP Generation: (flow diagram not reproduced in this text)

BENEFITS :
• A relatively cheap and flexible means of generating OTPs.
• Users only need to carry their mobiles with them; no extra device is needed.

THREATS :
• Still vulnerable to active attacks.
• Man-in-the-middle attacks: an attacker who sits between the user and the server (for example behind a phishing page) can forward a live OTP to the real server before it expires.
Conclusion & Recommendation
• Users should check that the website has https in the URL, so that the password is encrypted in transmission.
• The OTP and PIN should be hashed before sending. Hashing alone does not defeat a real-time relay: an attacker between the user and the server can forward the hashed value within the validity window just as easily as the plaintext.
• Mutual authentication should be established between the client and server before the session starts, so that the user can be sure the server is genuine and an intermediary cannot pose as it.