And communications the republic of uzbekistan tashkent university of information technologies



Date: 05.06.2022
14 Мавлонов Анвар

Two-factor authentication (also known as 2FA or 2-Step Verification) is a
method of confirming a user's claimed identity by utilizing a combination of two
different components. These components may be something that the user knows,
something that the user possesses or something that is inseparable from the user. A
good example from everyday life is the withdrawing of money from a cash
machine. Only the correct combination of a bank card (something that the user
possesses) and a PIN (personal identification number, something that the user
knows) allows the transaction to be carried out. 2FA is ineffective against modern
threats, such as ATM skimming, phishing and malware. Two-factor authentication
is a type of multi-factor authentication. The use of two-factor authentication to prove
one's identity is based on the premise that an unauthorized actor is unlikely to be
able to supply both factors required for access. If, in an authentication attempt, at
least one of the components is missing or supplied incorrectly, the user's identity is
not established with sufficient certainty and access to the asset (e.g., a building, or
data) being protected by two-factor authentication then remains blocked. The
authentication factors of a two-factor authentication scheme may include:
The major drawback of authentication performed using something that the 
user possesses and one other factor is that the plastic token used (the USB stick, 
the bank card, the key or similar) must be carried around by the user at all times. 
And if this is stolen or lost, or if the user simply does not have it with him or her, 
access is impossible. There are also costs involved in procuring and subsequently 
replacing tokens of this kind. In addition, there are inherent conflicts and 
unavoidable trade-offs between usability and security. 
Mobile phone two-factor authentication was developed to provide an 
alternative method that would avoid such issues. This approach uses mobile 
devices such as mobile phones and smartphones to serve as "something that the 
user possesses". If users want to authenticate themselves, they can use their 
personal access license (i.e. something that only the individual user knows) plus a 
one-time-valid, dynamic passcode consisting of digits. The code can be sent to 
their mobile device by SMS or via a special app. The advantage of this method is 
that there is no need for an additional, dedicated token, as users tend to carry their 
mobile devices around at all times anyway. Some professional two-factor 
authentication solutions also ensure that there is always a valid passcode available 
for users. If the user has already used a sequence of digits (passcode), this is 
automatically deleted and the system sends a new code to the mobile device. And 
if the new code is not entered within a specified time limit, the system 
automatically replaces it. This ensures that no old, already used codes are left on 
mobile devices. For added security, it is possible to specify how many incorrect 
entries are permitted before the system blocks access.
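
The passcode lifecycle described above (a used code is deleted and replaced, a timed-out code is replaced, and access is blocked after too many incorrect entries) can be sketched server-side as follows. This is an added example, not code from the original document; the class name `PasscodeManager`, the 120-second limit, the 6-digit length and the limit of 3 incorrect entries are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

class PasscodeManager:
    """One pending passcode per user: single use, time-limited, attempt-capped."""

    def __init__(self, ttl=120, max_failures=3, clock=time.monotonic):
        self.ttl, self.max_failures, self.clock = ttl, max_failures, clock
        self.pending = {}    # user -> (code, expiry time)
        self.failures = {}   # user -> consecutive incorrect entries

    def issue(self, user):
        """Replace the user's code with a fresh 6-digit one and return it for delivery."""
        old = self.pending.get(user, (None, 0.0))[0]
        code = old
        while code == old:                      # never re-issue the code just retired
            code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG-backed digits
        self.pending[user] = (code, self.clock() + self.ttl)
        return code   # goes to the SMS/app channel only, never back to the login page

    def verify(self, user, attempt):
        """Return 'ok', 'wrong', 'expired' or 'locked'."""
        if self.failures.get(user, 0) >= self.max_failures:
            return "locked"                     # stays blocked until reset out of band
        code, expires = self.pending.get(user, ("", 0.0))
        if self.clock() >= expires:
            self.issue(user)                    # timed-out (or missing) code is replaced
            return "expired"
        if hmac.compare_digest(code.encode(), attempt.encode()):
            self.failures[user] = 0
            self.issue(user)                    # a used code is deleted and replaced
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "wrong"

if __name__ == "__main__":
    fake_now = [0.0]                            # constructed clock for the walk-through
    mgr = PasscodeManager(clock=lambda: fake_now[0])
    first = mgr.issue("alice")
    print(mgr.verify("alice", first))           # accepted once
    print(mgr.verify("alice", first))           # replay of the used code is rejected
    fake_now[0] += 121
    print(mgr.verify("alice", mgr.pending["alice"][0]))  # past the time limit
```

The comparison uses `hmac.compare_digest` so that checking a guess takes the same time regardless of how many leading digits match.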
Security of the mobile-delivered security tokens fully depends on the mobile 
operator's operational security and can be easily breached by wiretapping or SIM-
cloning by national security agencies.
Advantages of mobile phone two-factor authentication 



No additional tokens are necessary because it uses mobile devices that 
are (usually) carried all the time. 

As they are constantly changed, dynamically generated passcodes are 
safer to use than fixed (static) log-in information. 

Depending on the solution, passcodes that have been used are 
automatically replaced in order to ensure that a valid code is always available; 
acute transmission/reception problems do not therefore prevent logins. 

The option to specify a maximum permitted number of incorrect 
entries reduces the risk of attacks by unauthorized persons. 

It is easy to configure; user friendly.
 
Disadvantages of mobile phone two-factor authentication 

The mobile phone must be carried by the user, charged, and kept in 
range of a cellular network whenever authentication might be necessary. If the 
phone is unable to display messages, access is often impossible without backup 
plans. 

The user must share their personal mobile number with the provider, 
reducing personal privacy and potentially allowing spam. 

Text messages to mobile phones using SMS are insecure and can be 
intercepted. The token can thus be stolen and used by third parties.

Text messages may not be delivered instantly, adding additional 
delays to the authentication process. 

Account recovery typically bypasses mobile phone two-factor 
authentication.

Modern smart phones are used both for browsing email and for 
receiving SMS. Email is usually always logged in. So if the phone is lost or stolen, 
all accounts for which the email is the key can be hacked as the phone can receive 
the second factor. So smart phones combine the two factors into one factor. 

Mobile phones can be stolen, potentially allowing the thief to gain 
access into the user's accounts.[2]


Advances in Mobile Two-Factor Authentication 
Advances in research of two-factor authentication for mobile devices
consider different methods in which a second factor can be implemented while not
posing a hindrance to the user. With the continued use and improvements in the
accuracy of mobile hardware such as GPS, microphone, and gyro/accelerometer,
the ability to use them as a second factor of authentication is becoming more
trustworthy. For example, by recording the ambient noise of the user's location
from a mobile device and comparing it with the recording of the ambient noise from the
computer in the same room on which the user is trying to authenticate, one is able
to have an effective second factor of authentication. This also reduces the amount
of time and effort needed to complete the process.
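
A sketch of the ambient-noise comparison described above, as an added example that is not part of the original document. The text does not say how the two recordings are compared; normalized cross-correlation with a small lag search, the 0.6 acceptance threshold, and the synthetic sample data are all assumptions made here.

```python
import math
import random

def normalize(samples):
    """Return a zero-mean, unit-energy copy so loudness differences cancel out."""
    mean = sum(samples) / len(samples)
    centered = [s - mean for s in samples]
    energy = math.sqrt(sum(c * c for c in centered)) or 1.0
    return [c / energy for c in centered]

def similarity(phone, computer, max_lag=50):
    """Peak normalized cross-correlation, searching +/- max_lag samples of clock skew."""
    a, b = normalize(phone), normalize(computer)
    best = 0.0
    for lag in range(-max_lag, max_lag + 1):
        pairs = zip(a[lag:], b) if lag >= 0 else zip(a, b[-lag:])
        best = max(best, sum(p * q for p, q in pairs))
    return best

def same_room(phone, computer, threshold=0.6):
    """Second-factor decision: accept only if both devices heard the same ambient sound."""
    return similarity(phone, computer) >= threshold

def constructed_recordings(seed=7, n=2000, lag=17, mic_noise=0.3):
    """Synthetic stand-ins for audio: shared room noise plus per-microphone noise."""
    rng = random.Random(seed)
    room = [rng.gauss(0, 1) for _ in range(n + lag)]
    phone = [room[i] + mic_noise * rng.gauss(0, 1) for i in range(n)]
    computer = [room[i + lag] + mic_noise * rng.gauss(0, 1) for i in range(n)]
    elsewhere = [rng.gauss(0, 1) for _ in range(n)]   # phone in a different room
    return phone, computer, elsewhere

if __name__ == "__main__":
    phone, computer, elsewhere = constructed_recordings()
    print(same_room(phone, computer), same_room(elsewhere, computer))
```

The lag search matters because the two devices never start recording at exactly the same instant; without it, recordings from the same room would score close to zero.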

