期刊名称:International Journal of Innovative Research in Computer and Communication Engineering
印刷版ISSN:2320-9798
电子版ISSN:2320-9801
出版年度:2017
卷号:5
期号:1
页码:874
DOI:10.15680/IJIRCCE.2017.0501181
出版社:S&S Publications
摘要:The current day web offers a wide range of e-Governance, e-commerce and other online services thatrequire strong authentication mechanisms to safeguard user’s account. In addition, these services require that auser be verified during registration to prevent duplication of accounts in cases where a fraudulent user createsmultiple accounts with different credentials to avail the welfare services. Therefore, the challenge is to protect the eservicesusing secure multi-factor authentication methods with one account per user without compromising theusability. This research discusses a multi-factor authentication (MFA) scheme which uses password, mobile tokenand question set as multiple factors for authentication. Earlier the idea of static passwords was being used but mostof the users try to use easily guessable, weak passwords or keywords from their personal information, whichmakes it easy for the intruders to guess their passwords in few combinations using Brute Force attack. Thusidea of using Multi-Factor Authentication has been introduced in the world of internet to harden the security ofnetwork and make it difficult for the attackers to crack systems. In this mechanism, users are required to providesome extra information along with their login Id and password. Most popular is using time based One-TimePasswords that are generated randomly and valid only for single login and even for short duration of time. One-Time Passwords can be generated either online or offline via various mechanisms. Along with one timepassword we are using set of questions on the basis of user activities, which need to be answered in given time. Ifuser scores sufficient, then user is authenticated by the system and the user can further access the system for presentlogin.
关键词:Multi-factor Authentication (MFA); Static Password; Time-based One Time; Passwords (TOTP);and Questions based Authentication.
