Multi-factor Authentication

Multi-factor Authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a resource such as an application, online account, or VPN. This method enhances security by combining multiple forms of identification, such as something you know (password), something you have (smartphone), and something you are (fingerprint).

Verification factors fall into 3 main categories which are;

• Something you know- This is usually a password or a PIN that a user should know.

• Something you have- This involves a physical item that the user has like a smartphone, smart card or a security token.

• Something you are- This factor relies on biometric characteristics such as fingerprints, facial recognition, etc.

An example of MFA is logging into your online banking account with a password and then receiving a one-time code on your mobile phone that you need to enter before gaining access.

The principle of MFA is to add additional layers of security to the authentication process. By requiring multiple forms of verification, it reduces the likelihood of unauthorized access, as it is more challenging for attackers to compromise multiple authentication factors simultaneously.

Let's design a multi-factor authentication system that first verifies the user through a username and password and then sends an OTP to the registered email. The user then uses that OTP to log into the system.

# Example of Multi-factor Authentication

import random
import smtplib
from getpass import getpass

# Simulated user database
user_db = {
    "username": "user1",
    "password": "password123"
}

def send_otp(email):
    otp = random.randint(100000, 999999)
    # This is where you would normally send the OTP via email or SMS
    # For this example, we'll just print it
    print(f"Sending OTP to {email}: {otp}")
    return otp

def verify_password(username, password):
    return user_db.get("username") == username and user_db.get("password") == password

def verify_otp(user_otp, real_otp):
    return user_otp == real_otp

def main():
    username = input("Enter username: ")
    password = getpass("Enter password: ")

    if verify_password(username, password):
        print("Password verified. Sending OTP...")
        user_email = "user1@example.com"  # User's email in real scenario
        otp = send_otp(user_email)
        user_otp = int(input("Enter the OTP sent to your email: "))

        if verify_otp(user_otp, otp):
            print("Authentication successful. Access granted.")
        else:
            print("Invalid OTP. Access denied.")
    else:
        print("Invalid username or password. Access denied.")

if __name__ == "__main__":
    main()

The code demonstrates a simple implementation of Multi-factor Authentication (MFA) by combining a password and a One-Time Password (OTP). It simulates a user database with a predefined username and password. The send_otp function generates a random 6-digit OTP and "sends" it to the user's email, which is simulated by printing the OTP to the console. The verify_password function checks if the entered username and password match the stored credentials. After successful password verification, an OTP is generated and displayed. The user is then prompted to enter the OTP. The verify_otp function checks if the entered OTP matches the generated one. If both the password and OTP are correct, access is granted; otherwise, it is denied. This code exemplifies the principle of MFA by requiring two forms of authentication before granting access.