Auto2FA

Inspiration

Current two-factor authentication typically requires a tedious process of entering your password, being redirected, then entering a six-digit code that changes when you open up the app. This application allows you to bypass those additional steps and directly routes you to the place you want to be by using your phone's bluetooth as the authenticator, while keeping the security that two-factor authentication allows.

Who does it benefit?

Two-factor authentication is a feature that makes the easier for businesses to protect their clients, however, less than 10% of Google users even have it enabled. The reason for this is due to the current inconvenience previously mentioned. With the commonplace habit of users streamlining identical passwords throughout multiple websites, businesses are struggling to protect all of their users when a security vulnerability is exposed when single-factor authentication is in use. Thus, this would benefit both the users and the companies that invest so much capital into improving security.

What makes this different?

What it does

There are three levels to this application: server, client, and mobile. The server requests a mobile authentication key from the client (web browser), which then requests an authentication key from the mobile application, upon which the key runs back up to the chain to the server and the user is logged in.

We'll answer these later

How we built it

We built an Android app that helps in securing 2FA secret keys on the cellular device. We have a website, where if we wanted to login; we provide valid email address. The user receives an email. Upon clicking it, validation is performed. If intermediaries are validated, the app hands over the QR secret to the server via Bluetooth (WIP). As the server generated the secret, it can validate its unique key and let the user login. For the first time user, they are asked to scan the QR code, so that the cellular device can have the secret QR key.

Challenges we ran into

Git issues in Android Studio, difficult to resolve, so ended up deleting and recreating classes many times. Android studio kept on crashing and freezing on updating indices taking very long time to complete batch updates and gradle builds.

Accomplishments that we're proud of

We have a password-less authentication system. Something that is a new concept, and so we enjoyed exploring ends for getting to work without password still secure enough to maintain authenticity.

What we learned

Firebase connectivity as backend to the Android Java Application.

What's next for Auto2FA

To keep working on the current idea and make it a great iteration. (Iteration - As software development never ends, but keeps updating with new Technologies)