Date: 21st December 2023
This project is an implementation of Multi-Factor Authentication (MFA) as part of Team Centinals SRM.
*Author: Abdur Rahman*
Temp
HTTP-only cookies, secure cookies, and consider rotating session tokens regularly to prevent session hijacking.
Time-based one-time password (TOTP)
Centralized authentication services (like OAuth, OpenID Connect, or SSO solutions) can be employed to provide a seamless MFA experience across various domains.
Initial Know-How
Authentication factors can be categorized into different types based on what users provide to verify their identity. Here are the primary authentication factors:
- Knowledge Factors:
  - Something You Know:
    - Passwords: Alphanumeric strings known only to the user.
    - Personal Identification Numbers (PINs): Numeric codes, typically used with smart cards or ATMs.
- Possession Factors:
  - Something You Have:
    - Security Tokens: Physical devices that generate one-time passwords (OTP) or codes.
    - Smart Cards: Cards with embedded chips containing authentication information.
    - Mobile Devices: Mobile apps or devices used to receive push notifications, SMS codes, or generate OTP.
- Biometric Factors:
  - Something You Are:
    - Fingerprint Recognition: Analyzing unique patterns in fingerprints.
    - Facial Recognition: Verifying identity based on facial features.
    - Iris Scans: Analyzing patterns in the colored part of the eye.
    - Voice Recognition: Authenticating based on the unique characteristics of a person's voice.
    - Behavioral Biometrics: Analyzing patterns of behavior, such as typing rhythm or mouse movement.
- Location Factors:
  - Somewhere You Are:
    - Location-Based Authentication: Verifying a user's identity based on their geographic location.
- Time Factors:
  - Something You Know and Time-Based:
    - Time-Based One-Time Passwords (TOTP): Codes generated based on the current time and a shared secret.
- Action Factors:
  - Something You Do:
    - Behavioral Biometrics: Analyzing patterns of behavior, such as typing rhythm or mouse movement.