Authentication Key-Exchange Using SMS for Web-Based Platforms

Abstract

One of the advantages of One Time Password (OTP) is that it’s free from brute force, replay, and shoulder attacks. The codes may originate from different entropy attributes and schemes, such as true random and digital random number generators. Businesses, organizations, and academic institutions have adopted OTP methods for credit card transaction confirmation, recalling forgotten passwords, and validating web portal accounts. This paper proposed a new method in authenticating login credentials using a 3 × 3 matrix and random system key as Two-Factor Authentication (2FA) with an SMS-enabled feature. We used the 6-codes pseudorandom method and a 4-codes validation to allow mobile flexibility and ensure that the user has the required access. The page link and evaluation form are sent to students, IT professionals, and researchers. The results showed respondents are satisfied in terms of functionality, usability, efficiency, and reliability. The developed system could safeguard information, disallow unauthorized access, and impose acceptable data protection measures and minimal system requirements to use the system.