:Submitted by

Alaa Firas Makki
  Tabark Nihad Khairi

Supervised by:M.Sc. Muneam Jabbar Hamzah

Abstract

People almost use their usernames and passwords to authenticate themselves. This classical way of authentication with a username-password pair is often insufficient because there are many ways that an attacker can use to get access to the credentials. The attacker can guess passwords using a dictionary, sniff network traffic, or install malicious software on victims’ computers that can record keystrokes and send them to an attacker host. This problem can be solved by using another factor besides using passwords to authenticate users. Some applications send messages to users on their cellphones as a second factor to verify their identities. Others use key generator to generate keys that are used for one time only. Using just passwords is insufficient for the aforementioned reasons. Also, using a key generator alone is not safe because it can be lost or stolen giving attackers the right to have a full access to users’ accounts. Using these two factors can prevent attackers from get access to users’ accounts because even in case of an attacker obtains a user’s password, s/he still needs to use a specified key generator and vice versa. Therefore, two-factor authentication is a strong method to protect applications and accounts from the epidemic of password thefts.

Comments are disabled.