Multi-Factor Authentication Solution to Systems Login

Abstract

Authentication is the first step to protect any system against intruders and hackers. The traditional login method for systems (username and password) with one factor does not provide complete or adequate protection for systems. That is because of their ease of breaking them, either by guessing them when using weak secret numbers, or using tools to steal them without the victim's knowledge, which is considered a method vulnerable to many attacks. Many systems, currently, use additional methods to increase security, such as using a two-factor authentication based on a One-Time Password (OTP) via mobile or email, or based on biometric (finger, eye, and face), or via token devices that generate a code number periodically every certain period of time. The cost of these methods requires additional hardware equipment, and the cost becomes high at the level of small, medium, and perhaps large companies. In this thesis, a Multi-Factor Authentication System (MFAS) that combines ease of use and an increase in security over traditional methods is proposed and discussed. The proposed system does not need any special settings or infrastructure. It relies on graphic passwords by asking the user, when registering for the first time, to choose a set of not less than three images. When logging in the regular way (username/password), additional verification is requested by displaying a group of pictures, and the user is asked to choose the correct pictures that have been chosen when registering for the first time in a specific order. In addition to other verification methods, such as asking for personal information, when the system has suspicion of unusual movement on the account. The advantage of the proposed system is that it is easy to memorize and more practical. It has been tested on a group of users, where they have not faced any difficulties using it. Studies and psychologists have shown that the user does not prefer using a difficult password for authentication, moreover user prefers using images since it is ease to remember over the secret numbers. Another advantage of the proposed system is that it may overcome many different security threats, such as key-loggers, weak passwords, screen capture attack, or shoulder surfing.