Human-in-the-Middle: Increasing security of two-factor authentication

Abstract

Online security and security of personal information is an important topic in information technology. Due to the recent high-profile security breaches as a result of authentication manipulation, there has been a growing need for enhanced methods of authentication as attackers have become more skilled in defeating existing authentication mechanisms. Attackers have resulted to phishing, social engineering, token interception and other highly sophisticated attackers all to gain access to the accounts of user. These attacks have resulted in serious damages for individuals and organizations. As a result, methods, such as, Two-Factor Authentication (2FA) have been introduced to. Nevertheless, loopholes major vulnerabilities in the existing two-factor authentication implementation. In this paper, This paper analyzes the. The are listed and analyzed, and the methods of manipulation explained. This paper finally suggests a solution of a web platform service which utilizes the mobile phones of users as a form of secure confirmation of the identity of the user through a dedicated mobile application. This solution hopes to eliminate the need for communication of security parameters of the traditional telephone network.