In the digital age, security remains a critical concern, especially as hackers increasingly target unsuspecting users. While various two-factor authentication (2FA) methods are widely used, there has been limited exploration of image-based authentication techniques. This paper presents a novel approach to the 2FA setup, leveraging user-provided images to generate Time-Based One-Time Passwords (TOTP). Unlike traditional methods that automatically generate shared secret keys, our approach allows users to select an image as a key component for 2FA, offering enhanced user control and security. The user-provided image aids in recognizing the correct authenticator window, reducing the risk of fraud. Users can regenerate or reset their 2FA setup by simply changing the image, thereby invalidating previous TOTP setups. Furthermore, the image can generate backup codes, enabling authentication bypass or 2FA reset in case of device loss or theft. Our method, which utilizes the RGB values of image pixels with added randomness, allows for the creation of multiple secure keys from a single image input, enhancing both flexibility and security in digital authentication.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Time-Based One Time Password Generation with Image as Secret-Key for 2FA

  • Swati Arya,
  • Shubh Shrivastava,
  • Prabhat Kumar,
  • Nilesh Bhosle,
  • Sumanpreet Kaur,
  • Laith Jasim

摘要

In the digital age, security remains a critical concern, especially as hackers increasingly target unsuspecting users. While various two-factor authentication (2FA) methods are widely used, there has been limited exploration of image-based authentication techniques. This paper presents a novel approach to the 2FA setup, leveraging user-provided images to generate Time-Based One-Time Passwords (TOTP). Unlike traditional methods that automatically generate shared secret keys, our approach allows users to select an image as a key component for 2FA, offering enhanced user control and security. The user-provided image aids in recognizing the correct authenticator window, reducing the risk of fraud. Users can regenerate or reset their 2FA setup by simply changing the image, thereby invalidating previous TOTP setups. Furthermore, the image can generate backup codes, enabling authentication bypass or 2FA reset in case of device loss or theft. Our method, which utilizes the RGB values of image pixels with added randomness, allows for the creation of multiple secure keys from a single image input, enhancing both flexibility and security in digital authentication.