Time-Based One Time Password Generation with Image as Secret-Key for 2FA
摘要
In the digital age, security remains a critical concern, especially as hackers increasingly target unsuspecting users. While various two-factor authentication (2FA) methods are widely used, there has been limited exploration of image-based authentication techniques. This paper presents a novel approach to the 2FA setup, leveraging user-provided images to generate Time-Based One-Time Passwords (TOTP). Unlike traditional methods that automatically generate shared secret keys, our approach allows users to select an image as a key component for 2FA, offering enhanced user control and security. The user-provided image aids in recognizing the correct authenticator window, reducing the risk of fraud. Users can regenerate or reset their 2FA setup by simply changing the image, thereby invalidating previous TOTP setups. Furthermore, the image can generate backup codes, enabling authentication bypass or 2FA reset in case of device loss or theft. Our method, which utilizes the RGB values of image pixels with added randomness, allows for the creation of multiple secure keys from a single image input, enhancing both flexibility and security in digital authentication.