Abstract:
One of the major areas of security improvement is the way in which users are
authenticated. The most commonly used authentication method today is the
password. Sensitive data requires stronger authentication methods. Adding another
authentication factor can make such sensitive data more secure. In contrast,
however, such methods are almost always more expensive and more complicated
to use. This thesis proposes encryption/decryption of the password, in addition to
applying the Two-Factor Authentication technique using mobile phone
Bluetooth, in the ERP logon process as a low-cost and relatively high-speed solution.
The password is stored in the database in an encrypted format, and it is later
retrieved and decrypted when logon authentication takes place. The MAC address of
the user's mobile phone Bluetooth is used as a second authentication factor. The
Two-Factor Authentication method is implemented in the configuration screens when
registering new users, and in the login screen every time the user needs to log on
to the system. The proposed application gives the administrator the ability to
register remote users by manually entering the user's Bluetooth information. The
search time for nearby Bluetooth devices is limited to 5 seconds.