Godkända
Ytterligare skyddslager under inloggningsprocessen med multifaktorautentisering
Michaela Bergman ()
Start
2020-11-26
Presentation
2021-05-07 10:15
Plats:
Zoom: https://lu-se.zoom.us/j/64827448887
Avslutat:
2021-06-23
Examensrapport:
Sammanfattning
Today, Axis has a traditional username and password login to access their personal My Axis-accounts. The My Axis-accounts are available for anyone that has a unique email, and during registration an email verification is needed. If the account holder's password is compromised, the user will no longer be able to authenticate itself. Therefore, to increase account security, Axis would like to implement multi-factor authentication into the Axis external accounts, which will provide the user to choose between different authenticators to prove their identity when sigining in through various applications, e.g., fingerprint authentication or a one-time password. The aim with this Master’s Thesis work is to conduct research about different available authenticators, including biometric authetication technologies, and investigate how to implement these to create a highly secure and customizable multi-factor authentication for My Axis-accounts. A part of the research is to investigate recorvery and support for the loss of an authentication factor, and also to go into detail about what to store for each authenticator and technique, for example what kind of security token, how this will be calculated and/or retrieved as well as where to store it. The report will be accompanied by a prototype with an implemented multi-factor authenticator that is based on security vulnerabilities, trade-offs and compatibility.
Handledare: Ben Smeets (EIT)
Examinator: Thomas Johansson (EIT)