Two-factor Authentication

This study investigates the key elements an online service or product provider needs to consider when adopting another single-factor or two-factor authentication system. We also uncover the conditions that make the new one-factor or two-factor authentication system more preferable. By using the probability of system failure, this study generalizes all possible combination of authentication systems into four different cases. This generalization allows us to compare different systems and to determine the key factors managers need to consider when adopting a new authentication system. The key factors are (1) additional implementation costs, (2) customer switching which is determined by the market share and customers' preferences, and (3) expected losses when the new system fails. This study also suggests that if the provider chooses an expensive new system, the provider needs to have a larger market share to justify the spending. Also, regulators can encourage the adoption of a more secure authentication system by changing the penalty a firm faces when the system fails. Finally, it could also be preferable to have both one-factor and two-factor authentication systems depending on the customers' characteristics.

The Coronavirus (COVID-19) crisis is having a massive impact globally with a rapid spread across the globe. Which made the World Health Organization declare it a pandemic. COVID-19 has prompted countries to adopt new behaviors such as social distancing, remote work and the closure of some important businesses and sectors. At the same time, the White Berets are doing their best to absorb the epidemic. However, while white hats protect people, black hats are taking advantage of the situation, leading to the spread of a cybersecurity pandemic.
Organizations have had to adapt to the demand for remote work quickly and at scale. Many have been forced to renovate their physical offices and policies set up in a panic to enable employees to work from home without the necessary training or well-made arrangements. Most of these companies and organizations have no plans on the ground to facilitate this radical and sudden change within a short period.
In fact, only 38% of companies have a cybersecurity policy. By moving to an online environment, organizations and companies around the world have implemented a "work from home" (WFH) business model that increases attack vectors and risks to internal data.
It is noteworthy that WFH has become the new normal for people all over the world. In most scenarios, this refers to requiring employees to use their personal devices and home networks, which are often inherently insecure and lack the required security standards. [1]
The pandemic has created a formidable challenge for companies around the world. The IT they have long relied on—data centers, clouds, departmental servers, and the digital devices their remote employees use to stay connected to each other and to company data—is becoming more important. Overnight, the demands placed on digital infrastructure skyrocketed. [3]
The paper presents cybersecurity attacks during the time of the COVID-19 pandemic, and a lot of information has been collected from the World Health Organization (WHO), trusted organizations, news sources, official government reports and available research articles. The paper then categorizes cybersecurity attacks and threats in the COVID-19 period and provides recommendations and countermeasures for each type. This paper discusses cybersecurity attacks and their countermeasures and reports on ongoing cybersecurity attacks and threats in this time period. Moreover, it is also a step towards analyzing the efficiency of the state's infrastructure as well as the social behavior of hackers and criminals at the time of the pandemic. [2]

Two-factor authentication delivers authentication through devices the customers have and the information (PIN) they already known. In today’s corporate environment, the need exists to ensure that only authorized individuals or customers gain access to critical devices or services offered. This paper looks more closely at the banking industry by reviewing trends in transactions, infrastructures and consolidation using Two-factor authentication (2FA) with respect to Automated Teller Machine (ATM) and also examines the performance of the ATM.

Human authentication is the security task whose job is to limit access to physical locations or computer network only to those with authorisation. This is done by equipped authorised users with passwords, tokens or using their biometrics. Unfortunately, the first two suffer a lack of security as they are easy being forgotten and stolen; even biometrics also suffers from some inherent limitation and specific security threats. A more practical approach is to combine two or more factor authenticator to reap benefits in security or convenient or both. This paper proposed a novel two factor authenticator based on iterated inner products between tokenised pseudo-random number and the user specific fingerprint feature, which generated from the integrated wavelet and Fourier-Mellin transform, and hence produce a set of user specific compact code that coined as BioHashing. BioHashing highly tolerant of data capture offsets, with same user fingerprint data resulting in highly correlated bitstrings. Moreover, there is no deterministic way to get the user specific code without having both token with random data and user fingerprint feature. This would protect us for instance against biometric fabrication by changing the user specific credential, is as simple as changing the token containing the random data. The BioHashing has significant functional advantages over solely biometrics i.e. zero equal error rate point and clean separation of the genuine and imposter populations, thereby allowing elimination of false accept rates without suffering from increased occurrence of false reject rates.

— The ever-increasing amount of personal or sensitive data stored in a cloud data storage needs to be protected, since losing it is a very serious problem. As their popularity increases, cloud storage is becoming an option for user in keeping their data online, it poses a lot of security threats and the challenges of protecting their data from being hacked. Recent successful attacks on cloud storage provider has implemented many security controls as a security measure, such as two (2)-factor authentication. The study aims to determine the effectiveness of the said authentication method based on the algorithm used, discuss its potential benefits and weaknesses, and provide other security measures.

This paper presents the results of a project on using voice assistants to enable financial and commercial operations which require authentication with increased level of security. Several prototypes of authentication service with two-factor authentication for the purpose of voice-controlled digital banking and online payments have been developed at the Cyber Security Research Centre of London Metropolitan University. They utilize the power of the cloud technology and the attractiveness of the devices equipped with voice assistant software, such as Amazon Alexa, to provide secure method for two-factor authentication, which meets the recent standards for security of the operations in digital banking.

One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce twofactor authentication in the sense that the client must have the smart-card and know the password in order to gain access to the server. In this paper, we scrutinize the security requirements of this kind of schemes, and propose a new scheme and a generic construction framework for smart-card-based password authentication. We show that a secure password based key exchange protocol can be efficiently transformed to a smartcard-based password authentication scheme provided that there exist pseudorandom functions and target collision resistant hash functions. Our construction appears to be the first one with provable security. In addition, we show that two recently proposed schemes of this kind are insecure.

This survey paper reviews all the major factors in validating three-level passwords such as one-factor authentication using passwords and two-factor authentication is not enough to provide better security to the modern digital age with remarkable advances in the field of information technology. Even when single-factor or two-factor authentication was used to secure remote access and the system, hacking tools, were simple computer programs for collecting private keys, as well as private generators have made it difficult to provide security. Security threats based on malware, such as important installed trackers, are always available to improve security risks. This is necessary the use of a safe and easy-to-use object. As a result, Three Level Security is an easy-to-use software. It also proves the use of different techniques used by different authors.

Authentication is a method for securing an account by verifying the user identity by inputting email with a password. Two factor authentications is an authentication system that combines the first-factor authentication with the second factor. General two factor authentication by entering an email or username with a password are similar. However, two factor authentication requires additional information that must be inputted by the user. Additional information can be in the form of tokens or one-time passwords (OTP). Two factor authentications generally still uses third-party services to generate token or OTP still have vulnerable because can attacked from tokens steal through MITM and found that the generated tokens with the same value. Therefore, we propose a two-factor authentication framework based on ethereum blockchain with dApp as token generation system. Firstly, outcome from the analysis of the system, next succeeded in creating a two-factor authentication system without using third-parties. Second, token system generate up to 3164 different tokens  in one second and has been collisions tested. Third, security method to protect token from MITM attack. The attacker unable to get access caused all the checking are done by dApp user authentication.

Two-factor authentication delivers authentication through devices the customers have and the information (PIN) they already known. In today’s corporate environment, the need exists to ensure that only authorized individuals or customers gain access to critical devices or services offered. This paper looks more closely at the banking industry by reviewing trends in transactions, infrastructures and consolidation using Two-factor authentication (2FA) with respect to Automated Teller Machine (ATM) and also examines the performance of the ATM.

The present voting system has many issues. The most prominent among them is the problem that the voter is not present in his/her country or local area at the time of elections, therefore, he/she is unable to cast his/her vote. Our approach aims at solving this problem. We have endeavoured to introduce an E-Voting System, which uses Android technology. The system includes an android application that will permit the voter to cast his/her vote from any remote location using mobile phone/ cell phone or any device supporting Android OS(2.2 and higher versions). This application uses two-factor authentication mechanism in order to ensure authenticity of voter’s identity. The two-factor authentication mechanism comprises of Face Recognition using Template Matching technique and OTP. Overall an effort has been made to deliver an E-voting System that provides better performance, security, accuracy and reliability to the entire Election process.

Laboratory (CSAIL) and machine-learning startup PatternEx recently developed an artificial intelligence platform called AI2 that they claim predicts cyber-attacks significantly better than existing systems by continuously incorporating input from human experts. The technology is leveraged by a continuous loop of feedback between the human analyst and AI system, called Active Contextual Modeling, and is able to learn in real-time.

This paper presents the results of a project on using voice assistants to enable financial and commercial operations which require authentication with increased level of security. Several prototypes of authentication service with two-factor authentication for the purpose of voice-controlled digital banking and online payments have been developed at the Cyber Security Research Centre of London Metropolitan University. They utilize the power of the cloud technology and the attractiveness of the devices equipped with voice assistant software, such as Amazon Alexa, to provide secure method for two-factor authentication, which meets the recent standards for security of the operations in digital banking.

In present day technological generation still, maximum of the housing societies use the old-age conventional technique for the administration work of the society. The bill generation is still done manually for each society member, and there can be hundreds of them, which is time-consuming. Keeping records of those bills and keeping track of their status is a harrowing process. All the information of the members and society's accounts is not safe on the papers. The proposed application is android based, which makes it easier for all the members to adopt it. This is enforced with Two-Factor Authentication making it fairly secure. The Admin can easily generate and view bills and monitor the billing status of all the members. The members will get notified of their pending bills. Other facilities provided in this app are a platform for scheduling events and meetings, making announcements and providing a summary of the meeting. So this app takes care of the overall needs of a housing society.

Today, most authenticating applications using passwords are being compromised and the
risk is becoming higher because it's becoming easier to download tools that will crack them. Passwords
are no longer sufficient, as threats against them increase in large quantity. With the growing use of
internet to access information resources, government and private agencies are now moving to replace
password-based user authentication with stronger, Two-factor authentication systems that strengthen
information security. Two-factor authentication requires that two parts of data be accessible, each being
from a different category. It is a secure identification process in which the user provides two means of
recognition, one of which is normally a physical token, such as a card, and the other of which is typically
something memorized, such as a password or PIN number. In general Cryptographic Smart Cards
provide a secure, portable platform for this type of Two-factor authentication systems. However, these
smart card cryptographic systems are vulnerable to traditional mathematical attacks such as Differential
and Linear Cryptanalysis attacks. These attacks explore weaknesses in cryptographic algorithms that are
represented as mathematical objects. Other form of cryptographic attacks like Differential Power
Analysis (DPA) attacks, fault attacks, replay attacks, side channel attacks, etc also exists. Hence to
overcome these attacks, a new generic framework “Smart Crypto-Stegano Card” is proposed in this
paper to enhance Two-Factor Authentication that gives users a better way to provide enhanced security
for different smart card applications.

Two-factor authentication delivers authentication through devices the customers have and the information (PIN) they already known. In today’s corporate environment, the need exists to ensure that only authorized individuals or customers gain access to critical devices or services offered. This paper looks more closely at the banking industry by reviewing trends in transactions, infrastructures and consolidation using Two-factor authentication (2FA) with respect to Automated Teller Machine (ATM) and also examines the performance of the ATM.

Two factor authentication or 2FA is a security process in which the user firstly authenticate with a physical token and then with the PIN number. Th is two-factor authentication is very secure one because when someone access our computer it very difficult. Two factor authentication is also known as Multi-Factor authentication which means an extra layer security. Currently authentication using smart card is common for mostly in banking .For mo re security each banking transaction like online banking must hold two-factor authentication. One of the main security mechanism is to ensure the identity of the client whether the user is leg itimate or not. If the valid user has a s mart card for authentication then it contains a valid user id and password then he can successfully login to the server. Proposed system gives more security for banking transactions and give a great barrier to the attackers. Proposed system will g ive more p rivacy, security and usability for the users.

Identity theft is a frightening and often very serious concern to everyone. A novel risk-mitigation algorithm, the Hybrid Transaction Algorithm, is given in an effort to provide individuals with peace of mind (HTA). With the random codes, the proposed HTA aims to implement two-factor authentication. This kind of user authentication has been generally recognized, and many businesses have begun to employ it as a security feature. This may be used to identify people and provide a secure method of buying products online. The suggested method involves using mobile devices to log into card accounts using an application in order to examine the randomly generated code. This is then entered when required on an online retailer's website in order to verify the person making the transaction. This reduces the chance of an unauthorized user using someone else's details to make fraudulent transactions. Identity thieves cannot use stolen card information to make transactions unless they have a valid code. This, in turn, protects both the customer and the credit card companies, who may be financially affected. We give one case study to demonstrate the security of our methodology in order to better understand how it may safeguard someone from having a stolen credit card used.

This paper presents the results of a project on using voice assistants to enable financial and commercial operations which require authentication with increased level of security. Several prototypes of authentication service with two-factor authentication for the purpose of voice-controlled digital banking and online payments have been developed at the Cyber Security Research Centre of London Metropolitan University. They utilize the power of the cloud technology and the attractiveness of the devices equipped with voice assistant software, such as Amazon Alexa, to provide secure method for two-factor authentication, which meets the recent standards for security of the operations in digital banking.

ABSTRACT The current research with EEG devices in the user authentication context has some deficiencies that address expensive equipment, the requirement of laboratory conditions and applicability. In this paper we address this issue by using widely available and inexpensive EEG device to verify its capability for authentication. As a part of this research, we developed two phase authentication that enables users to enhance their password with the mental state by breaking the password into smaller elements, marry them with mental state, and generate one time pad for a secure session.

This paper presents the results of a research on using voice assistants to enable financial and commercial operations which require authentication with increased level of security. Several prototypes of authentication service with two-factor authentication for the purpose of voice-controlled digital banking and online payments have been developed at the Cyber Security Research Centre of London Metropolitan University. They utilize the power of the cloud technology and the attractiveness of the devices equipped with voice assistant software to provide secure method for two-factor authentication, which meets the recent standards for security of the operations in digital banking.

Egyptian NGOs are currently being targeted by Nile Phish, a large-scale phishing campaign.  Almost all of the targets we identified are also implicated in Case 173, a sprawling legal case brought by the Egyptian government against NGOs, which has been referred to as an “unprecedented crackdown” on Egypt’s civil society.
Nile Phish operators demonstrate an intimate knowledge of Egyptian NGOs, and are able to roll out phishing attacks within hours of government actions, such as arrests.
Since publication, Citizen Lab and EIPR have been contacted by a number of additional targets. We are preparing a follow-up report, but we believe it is important to note that there is now evidence that the Nile Phish operator has engaged in phishing of 2-factor authentication codes.