Multi-factor Authentication Mechanism Based on Browser Fingerprinting and Graphical HoneyTokens

Abstract: Multi-factor authentication (MFA) offers a wide range of methods and techniques available today. The security benefits of using MFA are almost indisputable, however, users are reluctant to adopt the technology. While many new MFA solutions are being proposed, there is a lack of consideration for user sentiment in the early stages of development. In an attempt to balance security and usability, this report investigates the feasibility of a new authentication mechanism that uses browser fingerprinting, graphical passwords, and honeytokens. This was evaluated by conducting a limited literature review, producing a prototype, interviews with test users, and security experts, as well as ensuring feasibility through a requirements checklist. The results of this research provides evidence that this mechanism is feasible, and appealing to end users. However, more investigation is required in order to ensure the mechanism's viability in a real-world deployment.