期刊名称:International Journal of Innovative Research in Computer and Communication Engineering
印刷版ISSN:2320-9798
电子版ISSN:2320-9801
出版年度:2018
卷号:6
期号:6
页码:6519-6526
DOI:10.15680/IJIRCCE.2018.0606066
出版社:S&S Publications
摘要:The current day web offers a wide range of e-Governance, e-commerce and other online services that
require strong authentication mechanisms to safeguard user’s account. In addition, these services require that a user
be verified during registration to prevent duplication of accounts in cases where a fraudulent user creates multiple
accounts with different credentials to avail the welfare services. Therefore, the challenge is to protect the e- services
using secure multi-factor authentication methods with one account per user without compromising the usability. This
research discusses a multi-factor authentication (MFA) scheme which uses password, mobile token and question set as
multiple factors for authentication. Earlier the idea of static passwords was being used but most of the users try to use
easily guessable, weak passwords or keywords from their personal information, which makes it easy for the
intruders to guess their passwords in few combinations using Brute Force attack. Thus idea of using MultiFactor
Authentication has been introduced in the world of internet to harden the security of network and make it
difficult for the attackers to crack systems. In this mechanism, users are required to provide some extra information
along with their login Id and password. Most popular is using time based One-Time Passwords that are generated
randomly and valid only for single login and even for short duration of time. One-Time Passwords can be generated
either online or offline via various mechanisms. Along with one time password we are using set of questions on the
basis of user activities, which need to be answered in given time. If user scores sufficient, then user is authenticated by
the system and the user can further access the system for present login.
关键词:Multi;factor Authentication (MFA); Static Password; Time;based One Time; Passwords (TOTP)
and Questions based Authentication;
