Moderated by: Dr. Leandros Maglaras, De Montfort University, UK
Motivation and Context:
The majority of computer systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for different accounts, administrators never check password files for flaws that might lead to a successful cracking, and the lack of a tight security policy regarding regular password replacement are a few problems that need to be addressed.
The proposed tutorial focuses on 2FA technology and security issues. In order to offer higher security and simplicity, as compared to modern multi factor authentication techniques we present a novel 2FHA mechanism that aims at enhancing security, preventing penetrations, password theft, and attempted break-ins towards securing computing systems. The selected solution approach is two-folded; it implements a two-factor authentication scheme to prevent unauthorized access, accompanied by Honeyword principles to detect corrupted or stolen tokens. Both can be integrated into any platform or web application with the use of QR codes and a mobile phone.
Structure and Content:
1. Modern Landscape
2. Authentication Mechanisms
3. QR codes
4. MultiFactor Authentication mechanisms – Biometrics
5. Security of 2FA
6. Social Engineering – theory and case study
7. Honeywords – theory and implementation
8. Proposed 2FHA mechanism – theory and demonstration
9. Future Directions
Level/Prerequisites:
Basic programming, basic security principles