A Survey on Trends of Two-Factor Authentication

Abstract

AbstractThe rapid increase of cybercriminals on identity theft and data breaches due to weak authentication schemes, user’s poor password management experience, and attacks such as phishing and man-in-the-middle attacks firmly shifts the traditional way of authentication method (i.e., user name/passwords) to multifactor authentication security control. However, different organization starts implementing different ways of two-factor authentication (2FA) prevention mechanism which is the simplest form of multifactor authentication (MFA). This 2FA is mostly achieved by combining different factors such as what you know (i.e., PIN, password, etc.), what you have (i.e., one-time password (OTP), token, digital certificate, etc.) and what you are (i.e., fingerprint, iris, etc.) with traditional username and password. Even if an organization such as banking and e-commerce sectors started using this solution still multifactor authentication, not in impenetrable stage and multiple cases, has come out that highlights some of the weaknesses of these security measures. Bad guys will use a variety of attack methods such as social engineering (phishing), man-in-the-middle attacks (MITA), and breaching of weak credential to gain authentication access of a secure network infrastructure. The most effective methods for mitigating the risk of authentication process from being compromised by bad guys are to find out a solution that reduces the process of the user and builds the authentication process with strong cryptography which follows standards mainly by using digital certificates. In this survey study, we will briefly analyze different types of two-factor authentication based on their performance and we will suggest the best strong methods of multifactor authentication accordingly.Keywords2FAMFADigital certificateAuthenticationOTPMITMMutual authentication