Two-factor authentication (2FA) is an effective measure to safeguard against password attacks (e.g., guessing, credential stuffing). However, many existing 2FA methods are neither user-friendly nor protect adequately against phishing, particularly real-time (person-in-the-middle) attacks. We introduce BlueTOTP, a novel approach that leverages Bluetooth to automatically transmit time-based one-time passwords (TOTP) and verify the requesting domain before issuing the second factor. By reducing manual interactions and ensuring domain legitimacy, BlueTOTP streamlines the authentication process and mitigates phishing risks. We present the design and implementation of BlueTOTP, followed by an evaluation of its usability and performance. BlueTOTP not only improves the user experience during authentication but also significantly reduces the overall time required to complete 2FA authentication.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

BlueTOTP: Designing Phishing-Resistant and User-Friendly Two-Factor Authentication

  • Marian Käsemodel,
  • Verena Winterhalter,
  • Felix Heisel,
  • Florian Alt,
  • Bastian Pfleging

摘要

Two-factor authentication (2FA) is an effective measure to safeguard against password attacks (e.g., guessing, credential stuffing). However, many existing 2FA methods are neither user-friendly nor protect adequately against phishing, particularly real-time (person-in-the-middle) attacks. We introduce BlueTOTP, a novel approach that leverages Bluetooth to automatically transmit time-based one-time passwords (TOTP) and verify the requesting domain before issuing the second factor. By reducing manual interactions and ensuring domain legitimacy, BlueTOTP streamlines the authentication process and mitigates phishing risks. We present the design and implementation of BlueTOTP, followed by an evaluation of its usability and performance. BlueTOTP not only improves the user experience during authentication but also significantly reduces the overall time required to complete 2FA authentication.