PacAuth: Because “just” a password isn’t enough

Lead Author Major

Computer Science

Lead Author Status

Senior

Second Author Major

Computer Science

Second Author Status

Senior

Third Author Major

Computer Science

Third Author Status

Senior

Format

SOECS Senior Project Demonstration

Faculty Mentor Name

Osvaldo Jimenez

Faculty Mentor Department

Computer Science

Additional Faculty Mentor Name

Shon Vick

Additional Faculty Mentor Department

Computer Science

Abstract/Artist Statement

This project outlines the security concerns associated with services utilizing “password-only” logins. With the abundance of password sharing across multiple platforms, the use of cyber attacks with regards to personal data has grown exponentially. For instance, the September 2017 Deloitte breach showed how even a massive corporate entity can fall victim to password sharing and limited access control. To combat these breaches, we have developed an enterprise level solution that creates a second-factor token which can easily be applied to any service that has a network connection for validation. Our solution integrates seamlessly with websites that feature user login as well as operating system authentication. A “one-time password” is generated by our token hardware or software, submitted to the website utilizing our service, and confirmed with our cloud verification API. The ability to choose either a software or hardware token allows an enterprise or individual to determine their own security risk and assume a posture that is equivalent to their concerns.

Location

School of Engineering & Computer Science

Start Date

4-5-2018 2:30 PM

End Date

4-5-2018 4:00 PM

This document is currently not available here.

Share

COinS
 
May 4th, 2:30 PM May 4th, 4:00 PM

PacAuth: Because “just” a password isn’t enough

School of Engineering & Computer Science

This project outlines the security concerns associated with services utilizing “password-only” logins. With the abundance of password sharing across multiple platforms, the use of cyber attacks with regards to personal data has grown exponentially. For instance, the September 2017 Deloitte breach showed how even a massive corporate entity can fall victim to password sharing and limited access control. To combat these breaches, we have developed an enterprise level solution that creates a second-factor token which can easily be applied to any service that has a network connection for validation. Our solution integrates seamlessly with websites that feature user login as well as operating system authentication. A “one-time password” is generated by our token hardware or software, submitted to the website utilizing our service, and confirmed with our cloud verification API. The ability to choose either a software or hardware token allows an enterprise or individual to determine their own security risk and assume a posture that is equivalent to their concerns.