Development of Hash-Based Multi-Factor Password Generating System

  • Morufu Olalere Department of Cybersecurity, Federal University of Technology, Minna, Niger state
  • Adenrele A. Afolorunso Department of Computer Science, National Open University of Nigeria, Jabi, Abuja, Nigeria
  • Zainab M. Olalere Department of Computer Science, Federal University of Technology, Minna.
  • Dauda Buhari Department of Cyber Security Science, Federal University of Technology, Minna.
  • Raji A. Egigogo
  • Yunus H. Habeeb Department of Cyber Security Science, Federal University of Technology, Minna.
Keywords: Cyber Security, Password Manager, Database-less Systems, Hashing, Password Security, Multi-factor authentication

Abstract

The use of passwords or passphrases is essential for every internet user. However, users often face a dilemma between choosing simple passwords that are easy to crack and complex passwords that are difficult to remember, leading to frequent and cumbersome password recovery processes. This paper focuses on addressing this issue by developing a multifactor, unique password-generating system using SHA-256. The system incorporates factors such as a Unique Identifier, a biometric key value, and an Android mobile phone with a Biometric scanner. To accomplish this, an algorithm is devised using JavaScript that concatenates and generates a hash value by applying the SHA-256 algorithm to the Unique Identifier and Biometric Key values. The software implementation is achieved using the JavaScript programming language, with support from predefined plugins. Once the application is created, passwords can be generated by inputting a user's fingerprint ID and an Identifier (e.g., “Facebook.com”), resulting in the generation of a 32-character unique password. This process can be applied to any identifier and can reproduce the same password when the same factors are supplied. The experimentation results demonstrate that the system is capable of generating unique passwords for different platforms and can reproduce the same password for each platform if needed. While the focus of this paper is on the development of a system for Android mobile phone operating systems, It is suggested that its functionality be expanded by developing a browser extension and versions for other operating systems to improve its usability and accessibility across multiple platforms.

Author Biographies

Adenrele A. Afolorunso, Department of Computer Science, National Open University of Nigeria, Jabi, Abuja, Nigeria
Senior Lecturer
Zainab M. Olalere, Department of Computer Science, Federal University of Technology, Minna.
M.Tech Student
Dauda Buhari, Department of Cyber Security Science, Federal University of Technology, Minna.
Graduate Student
Yunus H. Habeeb, Department of Cyber Security Science, Federal University of Technology, Minna.
Graduate Student

References

Bradley, T. (2021). Microsoft takes first steps to finally kill the password. Forbes. Retrieved April 26, 2023, from https://www.forbes.com/sites/tonybradley/2021/09/20/microsoft-takes-first-steps-to-finally-kill-the-password/?sh=1dd7fb8f46d1

Jakkal, V. (2022). The passwordless future with Microsoft. Microsoft Security Blog. Retrieved April 26, 2023, from https://www.microsoft.com/en-us/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/

Martin, A. (2021). New Blog Post: The Passwordless Future is here for your Microsoft account. TECHCOMMUNITY.MICROSOFT.COM. Retrieved April 26, 2023, from https://techcommunity.microsoft.com/t5/security-compliance-and-identity/new-blog-post-the-passwordless-future-is-here-for-your-microsoft/m-p/2756606

Published
2023-12-31