Two-Factor Human Authentication for Mobile Applications

Generally, a two-factor authentication system verifies the user using three credentials in two steps. These three credentials are a password, a private key assigned to the user in his mobile app and a fingerprint. All these three credentials fell into different categories which are “Something you know,” “Something you have,” and “Something you are.” Credentials from these three categories have been used for people to prove who they claimed to be even before the days of the Internet. This application system combines credentials from all these three categories in order to provide a secure way of authentication that is hardly able to be compromised by hackers. This system uses a complex algorithm in order to protect the private key which is assigned to the user during registration. A unique private key is assigned to the user in the mobile app. This key plays an extremely significant role in this system because of its variable for every time-based one-time password, TOTP to be unique. This system requires Android 6.0 APIs for fingerprint authentication in order to secure the TOTP generation. The TOTP algorithm implemented in this system has the capability to generate a unique string of code every 30 s.