Abstract:
Successful out-of-band authentication in popular languages such as PHP has proven to be problematic and in many ways unsafe as dynamically typed languages allow for more ...Show MoreMetadata
Abstract:
Successful out-of-band authentication in popular languages such as PHP has proven to be problematic and in many ways unsafe as dynamically typed languages allow for more than one ways of doing things, and the standards set out are usually not followed. It is true that out-of-band authentication using SMS messaging enhances the security of simple passwords specified by users, however many times the handling of the One-Time-Passwords (OTP) on the server side is done with disregard of the ways an attacker can bypass the requirement for such a feature. It is therefore essential to find ways which the OTP cannot be brute-forced or circumvented, by providing mechanisms such as automatic purging of OTPs from the database and enhancing the safety of the server traffic handling as well as the HTTP form submission requests and responses with a library known as Hash cash. By using this method, a potential attacker would be met by a time-consuming challenge, which would leave any sort of brute-force, denial of service or requirement circumvention attacks impractical for gaining access to a PHP login system. Furthermore, the usage of Hash cash for credential retransmission and re-authentication for vital aspects of the user's workflow while authenticated, make such as system much more impenetrable than using simple out-of-band or other two-factor authentication schemes.
Date of Conference: 20-22 August 2014
Date Added to IEEE Xplore: 12 March 2015
ISBN Information: