BlueTOTP: Designing Phishing-Resistant and User-Friendly Two-Factor Authentication
摘要
Two-factor authentication (2FA) is an effective measure to safeguard against password attacks (e.g., guessing, credential stuffing). However, many existing 2FA methods are neither user-friendly nor protect adequately against phishing, particularly real-time (person-in-the-middle) attacks. We introduce BlueTOTP, a novel approach that leverages Bluetooth to automatically transmit time-based one-time passwords (TOTP) and verify the requesting domain before issuing the second factor. By reducing manual interactions and ensuring domain legitimacy, BlueTOTP streamlines the authentication process and mitigates phishing risks. We present the design and implementation of BlueTOTP, followed by an evaluation of its usability and performance. BlueTOTP not only improves the user experience during authentication but also significantly reduces the overall time required to complete 2FA authentication.