data) being protected by two-factor authentication then remains blocked. The
authentication factors of a two-factor authentication scheme may include:
The major drawback of authentication performed using something that the
user possesses and one other factor is that the plastic token used (the USB stick,
the bank card, the key or similar) must be carried around by the user at all times.
And if this is stolen or lost, or if the user simply does not have it with him or her,
access is impossible. There are also costs involved in procuring and subsequently
replacing tokens of this kind. In addition, there are inherent conflicts and
unavoidable trade-offs between usability and security.
Mobile phone two-factor authentication was developed to provide an
alternative method that would avoid such issues. This approach uses mobile
devices such as mobile phones and smartphones to serve as "something that the
user possesses". If users want to authenticate themselves, they can use their
personal access license (i.e. something that only the individual user knows) plus a
one-time-valid, dynamic passcode consisting of digits. The code can be sent to
their mobile device by SMS or via a special app. The advantage of this method is
that there is no need for an additional, dedicated token, as users tend to carry their
mobile devices around at all times anyway. Some professional two-factor
authentication solutions also ensure that there is always a valid passcode available
for users. If the user has already used a sequence of digits (passcode), this is
automatically deleted and the system sends a new code to the mobile device. And
if the new code is not entered within a specified time limit, the system
automatically replaces it. This ensures that no old, already used codes are left on
mobile devices. For added security, it is possible to specify how many incorrect
entries are permitted before the system blocks access.
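The passcode lifecycle described above (a used code is deleted and replaced, a code not entered within the time limit is replaced, and access is blocked after a set number of incorrect entries), as an added example that is not part of the original text. The class name, the 120-second time limit, the three-attempt limit and the six-digit length are assumptions chosen for illustration.

```python
import hmac
import secrets
import time


class PasscodeSession:
    """Server-side passcode state for one user (hypothetical class, added example)."""

    def __init__(self, ttl_seconds=120, max_failures=3, digits=6, clock=time.monotonic):
        self.ttl = ttl_seconds            # assumed time limit for entering a code
        self.max_failures = max_failures  # assumed number of permitted wrong entries
        self.digits = digits
        self.clock = clock                # injectable so expiry can be tested offline
        self.failures = 0
        self.blocked = False
        self.code = None
        self.expires_at = 0.0
        self.issue()

    def issue(self):
        """Draw a fresh code from the CSPRNG; the previous code stops being valid."""
        self.code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        self.expires_at = self.clock() + self.ttl
        return self.code  # a real system hands this to the SMS or app channel

    def verify(self, submitted):
        """Return 'ok', 'expired', 'wrong' or 'blocked'."""
        if self.blocked:
            return "blocked"
        if self.clock() >= self.expires_at:
            self.issue()      # a timed-out code is replaced, never accepted
            return "expired"
        # Constant-time comparison so response timing does not leak matching digits.
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.failures = 0
            self.issue()      # a used code is deleted and replaced immediately
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.blocked = True
            self.code = None  # nothing left to guess against
            return "blocked"
        return "wrong"
```
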
Security of the mobile-delivered security tokens fully depends on the mobile
operator's operational security and can be easily breached by wiretapping or
SIM-cloning by national security agencies.
Advantages of mobile phone two-factor authentication
- No additional tokens are necessary because it uses mobile devices that
  are (usually) carried all the time.
- As they are constantly changed, dynamically generated passcodes are
  safer to use than fixed (static) log-in information.
- Depending on the solution, passcodes that have been used are
  automatically replaced in order to ensure that a valid code is always available;
  acute transmission/reception problems do not therefore prevent logins.
- The option to specify a maximum permitted number of incorrect
  entries reduces the risk of attacks by unauthorized persons.
- It is easy to configure; user friendly.
Disadvantages of mobile phone two-factor authentication
- The mobile phone must be carried by the user, charged, and kept in
  range of a cellular network whenever authentication might be necessary. If the
  phone is unable to display messages, access is often impossible without backup
  plans.
- The user must share their personal mobile number with the provider,
  reducing personal privacy and potentially allowing spam.
- Text messages to mobile phones using SMS are insecure and can be
  intercepted. The token can thus be stolen and used by third parties.
- Text messages may not be delivered instantly, adding additional
  delays to the authentication process.
- Account recovery typically bypasses mobile phone two-factor
  authentication.
- Modern smartphones are used both for browsing email and for
  receiving SMS, and the email account usually stays logged in. If the phone is
  lost or stolen, all accounts for which the email is the key can be hacked, as the
  phone can also receive the second factor. Smartphones thus combine the two
  factors into one.
- Mobile phones can be stolen, potentially allowing the thief to gain
  access into the user's accounts.[2]
Advances in Mobile Two-Factor Authentication
Research on two-factor authentication for mobile devices
considers different ways in which a second factor can be implemented without
posing a hindrance to the user. With the continued use of, and improvements in the
accuracy of, mobile hardware such as GPS, microphone, and gyro/accelerometer,
the ability to use them as a second factor of authentication is becoming more
trustworthy. For example, by recording the ambient noise of the user's location
from a mobile device and comparing it with the recording of the ambient noise from the
computer in the same room on which the user is trying to authenticate, one is able
to have an effective second factor of authentication. This also reduces the amount
of time and effort needed to complete the process.