Authentication System and Method for Improving Security Login without Typing Password

Irfan Darmawan, Alam Rahmatulloh, Rianto Rianto, Ilman Hilmi Oriza

Abstract


Authentication in the login process is an important thing that needs attention. The login process will involve a password that is owned by the user, while the password is private and confidential. If someone uses a weak password, the password is likely to be easily hacked. Authentication security needs to be improved, and hackers will get access to the login system with only a few attack techniques such as SQL Injection or sniffing techniques. Besides, the lack of awareness of users by creating weak passwords is easy to guess. Meanwhile, to create a strong password, consisting of upper- and lower-case letters, a combination of numbers and symbols, it is very difficult to remember. This is a very important problem in the login process. This study discusses the login authentication process that can perform login integration without typing a password, because passwords are generated repeatedly with the One Time Password (OTP) method, and use the Quick Response Code (QR) as its support. To disguise the data in the QR Code, which is applied by the Rivest-Shamir-Adleman (RSA) encryption algorithm, and will be tested on a web-based application. The login integration process, using the QR Code token application that runs on an android phone. Which functions as an OTP token generator, and a web-based application will read information from the QR Code token. The result is that with login authentication, this can increase the security and ease of the authentication process without typing a password.


Keywords


authentication; login; One Time Password (OTP); password; Quick Response (QR) code.

Full Text:

PDF

References


E. A. Dharmawan, E. Yudaningtyas and M. Sarosa, “Perlindungan Web pada Login Sistem Menggunakan Algoritma Rijndael,” EECCIS, pp. 77-84, 2013.

D. M. Khairina, “Analisis Keamanan Sistem Login,” Jurnal Informatika Mulawarman, vol. Vol. 6 No. 2, pp. 64-67, 2011.

R. S. Gusman, “Analisis dan Implementasi Two Factor Authentication dengan QRCode Pada Aplikasi Berbasis Web,” UT - Computer Science, pp. 1-22, 2013.

A. D. Tumuli, X. N. Najoan and A. M. Sambul, “Implementasi Teknologi Biometrical Identification untuk Login Hotspot,” E-Journal Teknik Informatika, Vols. Vol.12, No. 1, pp. 1-5, 2017.

J. Wei, W. Liu and X. Hu, “Secure and Efficient Smart Card Based Remote User Password Authentication Scheme,” International Journal of Network Security, Vols. Vol.18, No.4, pp. 782-791, 2016.

A. Rahmatulloh and R. Munir, “Pencegahan Ancaman Reverse Engineering Source Code PHP dengan Teknik Obfuscation Code pada Extension PHP,” in Konferensi Nasional Informatika, Bandung, 2015.

K. I. Santoso, E. Sediyono and S., “Studi Pengamanan Login Pada Sistem Informasi Akademik Menggunakan Otentifikasi One Time Password Berbasisis SMS dengan Hash MD5,” Sistem Informasi Bisnis, pp. 7-12, 2013.

I. G. N. A. Jayarana, A. A. K. A. Cahyawan and G. M. A. Sasmita, “Dynamic Mobile Token for Web Security using MD5 and One Time Password Method,” International Journal of Computer Applications, Vols. Volume 55-No 6, pp. 1-6, 2012.

A. Rahman and A. Rahmawati, “Sistem Pengamanan Keaslian Ijasah Menggunakan QR-Code dan Algoritma Base64,” JUSI Vol. 1, No. 2, pp. 105-112, 2011.

Z. Arifin, “Studi Kasus Penggunaan Algoritma RSA Sebagai Algoritma Kriptografi yang Aman,” Jurnal Informatika Mulawarman, pp. 7-14, 2009.

M. Arifin, A. Bejo and W. Najib, “Integrasi Login Tanpa Mengetik Password pada Wordpress,” JNTETI, Vol. 6, No. 2, pp. 162-167, 2017.

K. Adhatrao, A. Gaykar, R. Jha and V. Honrao, “A Secure Method For Signing In Using Quick Response Codes With Mobile Authentication,” International Journal of Student Research in Technology & Management, vol. Vol 1(1), pp. 1-11, 2013.

M. I. Zulfa and E. Subiyanta, “Pemanfaatan Spyware Untuk Monitoring Aktivitas Keyboard Dalam Jaringan Microsoft Windows,” Jurnal Emitor, vol. Vol. 15 No. 01., pp. 11-14, 2007.

Y. Kita, F. Sugai, M. Park and N. Okazaki, “Proposal and its Evaluation of a Shoulder-Surfing Attack Resistant Authentication Method: Secret Tap with Double Shift,” International Journal of Cyber-Security and Digital Forensics (IJCSDF), vol. 2(1), pp. 48-55, 2013.

M. Kumar, T. Garfinkel, D. Boneh and T. Winograd, “Reducing Shoulder-surfing by Using Gaze-based Password Entry,” pp. 1-7, 2007.

Z. Musliyana, T. Y. Arif and R. Munadi, “Peningkatan Sistem Keamanan Autentikasi Single Sign On (SSO) Menggunakan Algoritma AES dan One-Time Password Studi Kasus: SSO Universitas Ubudiyah Indonesia,” Jurnal Rekayasa Elektrika, vol. Vol.12 No.1, pp. 21-29, 2016.

M. F. Adriant and I. M., “Implementasi Wireshark Untuk Penyadapan (Sniffing) Paket Data Jaringan,” Seminar Nasional Cendekiawan, pp. 224-228, 2015.

ISO/IEC, Information Technology – Automatic Identification and Data Capture Techniques – Bar Code Symbology – QR Code, Swizerland: International Standard, 2000.




DOI: http://dx.doi.org/10.18517/ijaseit.10.2.11034

Refbacks




Published by INSIGHT - Indonesian Society for Knowledge and Human Development