Development of Two-Factor Authentication to Mitigate Phishing Attack

作     者：Varun Dixit Davinderjit Kaur Varun Dixit;Davinderjit Kaur

作者机构：Omnissa LLC Palo Alto CA USA MedROAD Lab University of Alberta Edmonton Canada 

出 版 物：《Journal of Software Engineering and Applications》 (软件工程与应用（英文）)

年 卷 期：2024年第17卷第11期

页      面：787-802页

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：Two Factor Authentication 2FA Phishing Attack Fixed 2FA TOTP HMAC 

摘      要：The two-factor authentication mechanism is gaining popularity as more people are becoming aware of the need to secure their identities. In the current form, existing 2FA systems are defenseless against phishing attacks. They do not provide any visual indicator to the user to check the website’s validity before logging in during phishing attacks. This exposes the user’s password during the phishing attack. Two-factor authentication needs to be enhanced to provide a mechanism to detect phishing attacks without adding a significant burden on the user. This research paper will propose a novel 2-FA TOTP mechanism to provide a subconscious indicator during a phishing attack. In comparison, the new proposed novel approach provides better security against phishing attack. Lastly, the mathematical analysis is performed to understand the TOTP variance and validate the security considerations against the existing 2FA systems with respect to adversary attack.