Submitted in partial fulfillment of award of

Master of Computer Application (M.CA)

in
Computer Science

Faculty of Computer Application

Banasthali Vidyapith
Rajasthan
(January-May 2022)
A SEMINAR REPORT
ON

TWO FACTOR
AUTHENTICATION
Submitted by:
ARUSI KUMARI
2142854
 INDEX
1.Authentication

2.Authentication Factor
3.Two Factor Authentication

4.Business Benefits
5.2FA Using Hard Token
6.2FA Using Mobile Token

7.Response Mechanism
8.Security Analysis
 AUTHENTICATION
• Authentication is the process of verifying the identity of
user.

• The most common technique to authenticate a user is to

use username and password.
Authentication Factor
Two-factor authentication requires the use of two of
the three authentication factors:

Something only the user:

1. Knows (e.g. password, PIN, secret answer)
2. Have(e.g. ATM card, mobile phone, hard
token)
3. Is (e.g. biometric – iris, fingerprint, etc.)
 Two Factor Authentication
It is an approach to authentication which requires the
presentation of two different kinds of evidence that someone
is who they say they are.
 Threats To Password
(Needs Of 2FA)
Social Engineering
Phishing
Brute Force Attacks
Shoulder Surfing
Keystroke Logging
Eavesdropping
Dictionary Attacks
 Business Benefits of 2FA
It strengthens login security

It meets customer security expectations

It reduces the risk of data theft.

It can protect risky access methods, like remote

access.
 Tokens

What is OTP ??

OTP is a second layer of security to verify your identity

Types of OTP
 2FA Using Hard Tokens
Hardware token is a key fob which is typically carried on
your key ring and displays a pseudo- random number that
changes periodically

Probably the oldest form of 2FA, hardware tokens are small,

like a key fob, and produce a new numeric code every 30-
seconds. When a user tries to access an account, they glance
at the device and enter the displayed 2FA code back into the
site or app. 
How Hard Token 2FA Work?
Security Analysis
 2FA Using Mobile Token
Smart phones offer a variety of 2FA capabilities, enabling
companies to use what works best for them. Some devices
can recognize fingerprints, use the built-in camera for facial
recognition or iris scanning, and use the microphone for
voice recognition

It makes use of:-

 Application installed on user’s mobile
 IMEI(International Mobile Equipment Identity)
Time Stamp
Seed
How Mobile Token 2FA Work?

 User Registration on server

 OTP Generation
Security Analysis
 Response Mechanism
1.For fund transfer transaction :

The server generates code and

sends to the user. the user enter the
code provide to the internet
banking site to commit the
transaction
2.SMS with Transaction Details
 Security Analysis
THREAT

Mobile is now single point of failure .OTP is generated/received on mobile

and the verification code of transaction is also received via SMS on
mobile .if attackers has the possession of user's mobile ,then he can do
everything

RECOMMENDATION

It is necessary that a different medium is used for receiving OTP and

receiving transaction verification code