Security sensitive environments or organizations prevent their resources from unauthorized access by enabling various access control mechanisms like user authentication. Initially the text passwords were the means of security but today they only are not enough in accordance to fast growing hackers. Thus user authentication can be improved by adding more levels in the process of authentication i.e. multi-step or multifactor authentication scheme. The objective of this research is to design a secure authentication system using existing cryptographic algorithms for the web. This proposed authentication system include the usage of Android mobile phone for the authentication of user. The main purpose of this scheme is to provide stronger authentication in online systems. It involves seed exchange, a software-based token via Transport Layer SecurityTLS) tunnel which is used to generate online one time passwords. Authentication occurs through the verification of one time password generated on the server side and one time password generated from the shared seed value on the android mobile phone. This research hopes to generate more effective and secure scheme based on multi-factor authentication.
