Publicação
Multi-factor graphical user authentication for web applications
| Resumo: | Nowadays, there is a current trend that leads people to use web applications, requiring additional concerns for the protection of their accounts with strong authentication methods. In this sense, this work researches the problems and solutions related with the authentication, specially concerning textual and graphical passwords. One common authentication problem is the difficulty users have in remembering textual passwords, especially when they are long and random-looking. In alternative, graphical passwords are easier to remember, because of their visual aspect. This work proposes a recognition and recall based graphical authentication methods that can be used in the challenge phase of user authentication. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analyses will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting a multi-factor authentication and combining these challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web application with strong authentication, authorization and accounting. |
|---|---|
| Autores principais: | Badikyan, Hasmik |
| Outros Autores: | Pedrosa, Tiago; Lopes, Rui Pedro |
| Assunto: | Authentication Graphical passwords Web applications |
| Ano: | 2017 |
| País: | Portugal |
| Tipo de documento: | documento de conferência |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Instituto Politécnico de Bragança |
| Idioma: | inglês |
| Origem: | Biblioteca Digital do IPB |
| Resumo: | Nowadays, there is a current trend that leads people to use web applications, requiring additional concerns for the protection of their accounts with strong authentication methods. In this sense, this work researches the problems and solutions related with the authentication, specially concerning textual and graphical passwords. One common authentication problem is the difficulty users have in remembering textual passwords, especially when they are long and random-looking. In alternative, graphical passwords are easier to remember, because of their visual aspect. This work proposes a recognition and recall based graphical authentication methods that can be used in the challenge phase of user authentication. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analyses will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting a multi-factor authentication and combining these challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web application with strong authentication, authorization and accounting. |
|---|