OTPaaS—One Time Password as a Service
The main aim of this project is to build a secure, privacy-friendly, and sound OTP provider in the cloud to outsource the second factor of authentication.
Online credentials are used to recover other credentials and complex attacks are directed to the weakest one of many of these online credentials. Resistance to OTP replays and livens attacks, resistance to third party access, resistance to corrupt insiders, and resistance to Denial-of-Service attacks.
The proposed system lets companies spend less on OTP-based TFA transition both in the perspectives of experience, employers, hardware and software. Additionally, it lets the users to manage many of their accounts easily at one place, yet via unlikable profiles. It is believed that outsourcing OTP service in the cloud may also ease many cloud service providers bulk OTP adoption, as they do not require making additional investment. The proposed approach is effective as a two factor authentication security mechanism and provides many configurable options by design. User profiles are open to future development at user devices, such as regular password management, credential management etc.