A Two-Factor Authentication System with QR Codes for Web and Mobile Applications

Abstract

The use of QR code-based technologies and applications has become prevalent in recent years where QR codes are accepted to be a practical and intriguing data representation / processing mechanism amongst worldwide users. The aim of this study is to design and implement an alternative two-factor identity authentication system by using QR codes and to make the relevant mechanism and process that could be more user-friendly and practical than one-time password mechanisms used with similar purposes today. The proposed model in this project has been designed in order to enable the verification and validation steps with several security and networking options during the logon process. The model has been implemented by developing a two-factor identity verification system where the second factor is the user's smart / mobile phone device and a pseudo-randomly generated alphanumerical QR code which is used as the one-time password token sent to the user via e-mail or MMS. The proposed model has been developed using C#, asp.net and jQuery languages with symmetrical and asymmetrical cryptography standards for database encryption / hashing and network infrastructure and it has been tested as a prototype where promising results are observed regarding the efficiency, speed and security requirements for today's on-line financial services and similar e-commerce systems.