Password security is a key aspect of cybersecurity. A password protects not only individuals but also organisations, including their applications, networks and systems infrastructure. It is therefore imperative that strong password security policies are put in place.
Current best practice suggests a 12-character complex password with a mixture of letters (both upper and lower case), numbers and symbols, which boosts the security of passwords. An example of a complex password is "CoMpL£xP@ss1" compared to "complexpass1". As you can see, the first option is better and more secure. Complex passwords take much longer to brute force or guess, and because of the time required they are more secure; a strong password benefits individuals as well as organisations. By using a complex password, individuals and organisations protect themselves and help to ensure their data and information isn't accessed by malicious and unauthorised actors.
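The following is an added example (not code from the original application) of the policy check that the paragraph describes: it reports which of the four character classes a candidate password lacks, enforces the 12-character minimum, and gives a rough log2 brute-force search-space figure so the two sample passwords can be compared. The class sizes and the symbol set are assumptions made for the estimate.

```python
import math

MIN_LENGTH = 12

# Assumed alphabet sizes used only for the search-space estimate:
# 26 upper, 26 lower, 10 digits, 32 ASCII punctuation symbols.
CLASS_SIZES = {"uppercase": 26, "lowercase": 26, "digit": 10, "symbol": 32}
CLASS_ORDER = ("uppercase", "lowercase", "digit", "symbol")


def classes_present(password):
    """Return the set of character classes that appear in the password.
    Anything that is not a letter or digit (e.g. '£', '@') counts as a symbol."""
    present = set()
    for ch in password:
        if ch.isupper():
            present.add("uppercase")
        elif ch.islower():
            present.add("lowercase")
        elif ch.isdigit():
            present.add("digit")
        else:
            present.add("symbol")
    return present


def check_policy(password):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = classes_present(password)
    for cls in CLASS_ORDER:
        if cls not in present:
            problems.append(f"no {cls} character")
    return problems


def search_space_bits(password):
    """Upper bound on a naive brute-force search, as log2(alphabet ** length).
    The alphabet is the sum of the classes actually used. This ignores dictionary
    words, reuse and predictable patterns, so it is a ceiling, not real entropy."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_present(password))
    return len(password) * math.log2(alphabet)


if __name__ == "__main__":
    for candidate in ("CoMpL£xP@ss1", "complexpass1"):
        print(candidate, check_policy(candidate) or "OK",
              f"{search_space_bits(candidate):.1f} bits")
```

Running the block compares the two passwords from the text: the complex one passes every rule and draws on the full 94-character alphabet, while "complexpass1" is the same length but fails two class rules and gives an attacker a much smaller space to search.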
Best practice also suggests Two-Factor/Multi-Factor Authentication. This means an additional factor that the user must know, have or be (an iris scan, fingerprint, etc.). For example, when you log in to your bank you may be asked to enter your username and password, and then an SMS code is sent to your mobile number. This is an example of Two-Factor Authentication. The SMS code is one-time and changes every time a user logs in to a system, whether successfully or, in some cases, unsuccessfully.
As you can imagine, combining a complex password, along with Two Factor Authentication would be very secure!
Benefits of a strong password are:
Application Description:
The application developed is a user login and registration system built as a Python script, which allows a user to create an account and log in to that account, and stores this information in an external SQLite 3 database. Once an account is created, a user enters their username and the memorable word they selected when they registered, and then, to fully authenticate themselves, they must enter a 12-character one-time password that has been emailed to the email address they provided. A user can't log in until this 12-character one-time password has been entered.
[Image: main login screen of the authentication protocol]
The image above is the main screen of the authentication protocol. A user either enters their email address/username and memorable word, or registers for an account. The data entered is then checked against the local database to confirm it is correct and matches a stored account.
[Image: registration screen of the authentication protocol]
The image above is the registration screen of the authentication protocol. A user enters their email address and memorable word, along with their first name and last name. The data entered is then stored in the local SQL database.
[Image: user records stored in the local SQL database]
The image above shows the data that is stored in the local SQL database. A user's information is stored here when they register for an account. When they attempt to log in to the system, the details they enter are checked against this database: if they don't match, access to the next stage isn't granted; if they do match, access is granted.
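As an added example (not the original application's code), here is the registration and first-factor check described above, written against an SQLite database with Python's standard library. One design choice is mine rather than the page's: the memorable word is stored as a salted PBKDF2-HMAC hash rather than in clear text, so a copy of the database table does not hand out the first factor. The table name, columns and work factor are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

PBKDF2_ROUNDS = 600_000  # assumed work factor; raise it as hardware allows


def open_db(path=":memory:"):
    """Open the SQLite database and create the users table if it is missing.
    The default path is an in-memory database so the example runs offline."""
    conn = sqlite3.connect(path)
    conn.execute(
        """CREATE TABLE IF NOT EXISTS users (
               email      TEXT PRIMARY KEY,
               first_name TEXT NOT NULL,
               last_name  TEXT NOT NULL,
               salt       BLOB NOT NULL,
               word_hash  BLOB NOT NULL)"""
    )
    return conn


def _hash_word(memorable_word, salt):
    # Slow, salted hash so each guess costs the attacker PBKDF2_ROUNDS of work.
    return hashlib.pbkdf2_hmac("sha256", memorable_word.encode("utf-8"),
                               salt, PBKDF2_ROUNDS)


def register(conn, email, first_name, last_name, memorable_word):
    """Create the account. Returns False if the email is already registered."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO users VALUES (?, ?, ?, ?, ?)",  # parameterised, no string building
                (email.lower(), first_name, last_name, salt,
                 _hash_word(memorable_word, salt)),
            )
    except sqlite3.IntegrityError:
        return False
    return True


# Used when the email is unknown, so that a lookup miss costs the same time as a hit.
_DUMMY_SALT = secrets.token_bytes(16)


def verify_first_factor(conn, email, memorable_word):
    """First stage of login: does the memorable word match the stored hash?"""
    row = conn.execute(
        "SELECT salt, word_hash FROM users WHERE email = ?", (email.lower(),)
    ).fetchone()
    if row is None:
        _hash_word(memorable_word, _DUMMY_SALT)  # equalise timing for unknown emails
        return False
    salt, stored_hash = row
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(_hash_word(memorable_word, salt), stored_hash)


if __name__ == "__main__":
    db = open_db()
    print(register(db, "alice@example.com", "Alice", "Smith", "CoMpL£xP@ss1"))
    print(verify_first_factor(db, "alice@example.com", "CoMpL£xP@ss1"))
    print(verify_first_factor(db, "alice@example.com", "complexpass1"))
```

A successful `verify_first_factor` only moves the user to the one-time password stage; it must not by itself grant access to the application.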
[Image: one-time password screen]
The image above shows that once a user successfully enters their username/email address and memorable word, they are brought to the one-time password screen. The program generates a 12-character complex one-time password that is then emailed to the user's email address to verify they are who they claim to be. If the one-time password entered is incorrect, the user is not granted access to the system. Every time the user attempts to log in to the system from the main screen, a new one-time password is generated and sent to the user's email address.
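The second factor described above, as an added example that is not the original application's code: a 12-character one-time password is drawn from a cryptographically secure source, only its hash is kept server-side together with an expiry time and an attempt counter, the email that would carry it is built with the standard library (sending it over SMTP is left out so the example runs offline), and verification is single-use and constant-time. The symbol set, the five-minute lifetime and the five-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import string
import time
from email.message import EmailMessage

OTP_LENGTH = 12
OTP_ALPHABET = string.ascii_letters + string.digits + "!@#$%&*?"  # assumed symbol set
OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 5        # assumed limit on wrong guesses per issued code

# Pending codes keyed by email. Only a digest of the code is kept, so a dump of
# this store (or of a database table in a real deployment) does not reveal codes.
_pending = {}


def generate_otp():
    """12 characters chosen with the secrets module, never with random.choice."""
    return "".join(secrets.choice(OTP_ALPHABET) for _ in range(OTP_LENGTH))


def _digest(code):
    return hashlib.sha256(code.encode("utf-8")).digest()


def issue_otp(email, now=None):
    """Generate a fresh code for this login attempt, record its hash and expiry,
    and return the email message that would be sent to the user.
    Re-issuing replaces any earlier code, matching the 'new code every attempt' rule."""
    now = time.time() if now is None else now
    code = generate_otp()
    _pending[email] = {"hash": _digest(code), "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    msg = EmailMessage()
    msg["From"] = "no-reply@example.invalid"  # placeholder sender
    msg["To"] = email
    msg["Subject"] = "Your one-time password"
    msg.set_content("Your one-time password is:\n" + code +
                    f"\nIt expires in {OTP_TTL_SECONDS // 60} minutes.\n")
    return msg


def verify_otp(email, submitted, now=None):
    """Second stage of login. True only for the current, unexpired code, once."""
    now = time.time() if now is None else now
    entry = _pending.get(email)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[email]  # expired or too many guesses: user must request a new code
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(_digest(submitted), entry["hash"]):
        del _pending[email]  # single use: the same code can never be replayed
        return True
    return False


if __name__ == "__main__":
    message = issue_otp("alice@example.com")
    print(message)  # in a real deployment this goes to smtplib instead of stdout
```

A plain SHA-256 digest is adequate here because the code has roughly 73 bits of randomness (log2 of 70 to the power 12) and lives for five minutes, unlike the memorable word, which needs a slow salted hash. The attempt counter matters as much as the length: without it, the short lifetime is the only thing limiting online guessing.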

System Overview and flow diagram of the authentication protocol.
The system I developed follows these steps:
Why is this protocol better?
This system is better because it incorporates the latest security standards and best practices: Two-Factor Authentication, One-Time Passwords and 12-character passwords. Having a two-factor login is better because an additional layer of verification is needed before a user gains full access to data and systems. Account security is strengthened because 12-character complex passwords, especially one-time passwords, are extremely difficult to brute force. One-time passwords are, by nature, used only once: they constantly change and are not static, which makes it extremely difficult for malicious actors to brute force or guess them. If all individuals and organisations incorporated a similar authentication system that uses complex passwords, one-time passwords or two-factor authentication, account security would be strengthened and malicious actors would find it challenging to break into systems and steal data.