Framework for Multi-factor Authentication with Dynamically Generated Passwords

Abstract

AbstractOne of the oldest authentication methods is through a password. The password represents the knowledge element – something you should know to be authenticated. It has been present in scientific publications for many years. Password authentication has been the only method in the early years in which the UNIX operating systems originates. Even nowadays, it can hardly be bypassed. It is still used as a single authentication method in many systems. If there are higher security requirements for a particular scenario, it is used in combination with some other authentication methods and forms two-factor or multi-factor authentications. Usually, the passwords are stored locally on a server, where the users will be authenticated in an encrypted format. Another authentication technique, Time-based One Time Password (TOTP), generates different passcodes, valid for a pre-set short period. The authentication method's cost is zero based on both techniques. Password authentication is one of the oldest and almost universal authentication methods. The paper suggests an approach for dynamically generated passwords without storing them anywhere and presents a framework for authentication based on combining OTP passcode and classical passwords. This framework for authentication can be used in both users’ and P2Ps’ (host-to-host) authentication.KeywordsAuthenticationOTPTOTPPasswordTwo-Factor2FAMulti-FactorMFASecurityHash-ChainHashSHA2SHA3