Development of a prototype for multi-factor authentication
Project duration: 1 month
Brief description
Because a user name and password alone are no longer sufficient to protect logins to web applications, the aim of the project is to create an overview of the procedures and technologies that exist for user authentication. After extensive research, the PTA has focused on one-time passwords that are generated on the user's smartphone during login from a shared secret, which is provisioned to the phone once via a QR code.
Supplement
In the course of the research work, several security procedures and the Python packages that implement them are evaluated. In addition to HMAC-based (HOTP) and time-based (TOTP) one-time passwords, approaches for password-free login were also considered, such as device-based procedures in which each account is linked to a physical hardware key. Ultimately, time-based one-time passwords generated with the Python package PyOTP proved to be the most suitable. This approach is implemented in a prototype that requires such a one-time password in addition to the usual login with user name and password. When the second factor is set up, the prototype shows the shared secret as a QR code; the user scans it with an authenticator app on their smartphone, which from then on computes the current one-time password that must be entered at login.
Subject description
The aim of an authentication procedure is to verify the identity of the user in order to prevent misuse. If the login relies on a single check, such as a password, it is compromised as soon as an unauthorized person obtains that password. By adding further, independent checks (so-called factors), such as proof of possession of a physical device, misuse can still be prevented. This is referred to as multi-factor authentication (MFA), or two-factor authentication if exactly two factors are used. With time-based one-time passwords, a keyed hash (HMAC) is computed over a secret shared between server and authenticator and the number of the current time interval (typically 30 seconds); a few digits derived from that value form the password, which is therefore valid only for a short time and must be accepted by the server only once.