Skip to content

Latest commit

 

History

History
9 lines (5 loc) · 1.18 KB

README.md

File metadata and controls

9 lines (5 loc) · 1.18 KB

SecuriCast: Zero-Touch Two-Factor Authentication using WebBluetooth

Companion repository to the research paper presented at EICS 2019 (https://dl.acm.org/citation.cfm?id=3328225)

Simple username/password logins are widely used on the web, but are susceptible to multiple security issues, such as database leaks, phishing, and password re-use. Two-factor authentication is one way to mitigate these issues, but suffers from low user acceptance due to (perceived) additional effort.

We introduce SecuriCast, a method to provide two-factor authentication using WebBluetooth as a secondary channel between an unmodified web browser and the user's smartphone. Depending on the usage scenario and the desired level of security, no device switch and only minimal additional interaction is required from the user. We analyse SecuriCast based on the framework by Bonneau et al., briefly report on results from a user study with 30 participants demonstrating performance and perceived usability of SecuriCast, and discuss possible attack scenarios and extensions.

Smartwatch running SecuriCast with browser in background