Security Vulnerabilities of Popular Multifactor Authentication Methods and a Remedy
Published: 2023
Author(s) Name: Shushan Zhao |
Author(s) Affiliation: Dept. of Comp. Electronics and Graphics Tech., Central Connecticut State Univ., New Britain, U.S.A.
Locked
Subscribed
Available for All
Abstract
Authentication is of paramount importance for online services. Many online services are still using password as single authentication method, but this is not considered secure any more. Many others have switched to multifactor authentication mechanism. Nowadays many online service providers use One-time Password (OTP) as a supplementary authentication method to verify identity of the user. There are two major methods to generate OTPs: Time-based One-time Password (TOTP) and HMAC-based One-time Password (HOTP). We notice that there are several limitations or weaknesses with both. In this work, we first show some security vulnerabilities of TOTP and HOTP, then we present security improvement methods. We analyze and discuss the security features of proposed solution. The solution is generic to all platforms and operating systems, and our analysis demonstrates that it addresses security vulnerabilities of them.
Keywords: Multifactor authentication, OTP.
View PDF