Phishing-resistant multi factor authentication

Kuek, En Yee (2025) Phishing-resistant multi factor authentication. Final Year Project, UTAR.

Preview

PDF Download (4Mb) | Preview

Abstract

The advent of the internet has revolutionized how people connect and interact, but it also brings various severe consequences such as data leakage when weak authentication method is implemented. Two-factor authentication(2FA) is a widely adopted method, yet vulnerabilities have been discovered to bypass it. Traditional 2FA typically combines something a user knows (like a password) with something they have (like a temporary verification code from a physical device). However, this approach is still susceptible to attacks such as phishing attacks, especially Real-Time Phishing(RTP) attack. Location-based multi authentication (MFA) methods have been proposed to mitigate RTP techniques that exploit traditional OTP-based verification. By replacing the OTP mechanism with a geolocation verification step, it add a layer of security to the authentication process. Limitations on previously proposed location-based multi-factor authentication are additional user step for adaptation, mobile-based, and additional costs due to hardware requirements. This paper suggests incorporating location as an extra security layer while maintaining the user-friendliness and seamlessness of existing two-factor authentication methods, thus creating a user-friendly and seamless multifactor authentication solution. The performance of this proposed authentication method is evaluated against various attacks, notably RTP attack. Area of Study: Cybersecurity, Authentication Keywords: Multi-Factor Authentication, Real-Time Phishing Attack, MERN Stack, Location Verification, Two-factor Authentication, Phishing Attack

Actions (login required)