This is one of 4620 IT projects that we have successfully completed with our customers.

How can we support you?

Weißes Quadrat mit umrandeten Seiten rechts oben

Development of a prototype for multi-factor authentication

Project duration: 1 month

Brief description

In view of the fact that it is no longer sufficient to use just a user name and password to log in to web applications, the aim of the project is to create an overview of the procedures and technologies that exist for user authentication. After extensive research, the PTA has focused on one-time passwords that are created during login and transmitted to the user via QR code.

Supplement

In the course of the research work, several security procedures and Python packages that implement them are evaluated. In addition to hashed and time-based one-time passwords, approaches for password-free login were also considered, such as device-based security procedures in which each account is linked to a physical hardware key. Ultimately, the creation of time-based one-time passwords using the Python package PyOPT proved to be the most suitable. This approach is implemented in a prototype that generates such a one-time password in addition to the usual login using a password and user name. The user can scan this using a QR code with their smartphone and evaluate it using an authenticator app.

Subject description

The aim of an authentication procedure is to verify the identity of the user in order to prevent misuse. If you only rely on a verification, such as a password, this login procedure is vulnerable if unauthorized persons manage to obtain the password. By adding further security procedures (so-called factors), such as a link to a physical device, misuse can still be prevented. This is referred to as multi-factor authentication (MFA) or two-factor authentication if exactly two factors are used. With time-based one-time passwords, a hash algorithm is used to create a password based on the time interval in which the login takes place, which is then valid for a limited time and can only be used once.

Overview

Project period17.05.2023 - 22.06.2023

Have we sparked your interest?

Jetzt Kontakt aufnehmen

Zum Umgang mit den hier erhobenen Daten informieren wir in unserer Datenschutzerklärung.

Contact now

We provide information on the handling of the data collected here in our privacy policy.

Download file

We provide information on the handling of the data collected here in our privacy policy.