An Alternative to Multi-Factor Authentication with a Triple-Identity Authentication Scheme

TL;DR

This paper proposes a novel triple-identity authentication scheme that enhances security by generating independent, hash-based identifiers for user credentials, eliminating reliance on external MFA services.

Contribution

It introduces a new authentication method that creates internal, hash-based identifiers for credentials, providing enhanced security without external multi-factor authentication.

Findings

Provides a secure internal mechanism for user verification

Eliminates dependence on external MFA services

Uses hash algorithms to generate independent user identifiers

Abstract

The existing authentication system has two entry points (i.e., username and password fields) to interact with the outside, but neither of them has a gatekeeper, making the system vulnerable to cyberattacks. In order to ensure the authentication security, the system sets a third entry point and use an external MFA service to guard it. The crux of the problem is that the system has no internal mechanism to guard its own entry points as no identifiers can be defined for the username and password without using any personal information. To solve this problem, we open the hash algorithm of a dual-password login-authentication system to three login credentials. Therefore, the intermediate elements of the algorithm can be used to define an identifier to verify the user identity at each entry point of the system. As a result of the above setup, a triple-identity authentication is established, the key of which is that the readily available user's login name and password are randomly converted into a matrix of meaningless hash elements which are concealed, incommunicable, inaccessible, and independent of personal information. So the identifiers defined using such elements can be used by the system to verify the identities of the user at all the entry points of the system, thereby ensuring the authentication security without relying on MFA services.