Research output: Contribution to journal › Conference article › peer-review
PASSWORDLESS AUTHENTICATION USING MAGIC LINK TECHNOLOGY. / Matiushin, Iurii; Korkhov, Vladimir.
In: CEUR Workshop Proceedings, Vol. 3041, 01.12.2021, p. 434-438.Research output: Contribution to journal › Conference article › peer-review
}
TY - JOUR
T1 - PASSWORDLESS AUTHENTICATION USING MAGIC LINK TECHNOLOGY
AU - Matiushin, Iurii
AU - Korkhov, Vladimir
N1 - Conference code: 9
PY - 2021/12/1
Y1 - 2021/12/1
N2 - Nowadays, the problem of identification and authentication on the Internet is more urgent than ever. There are several reasons for this: on the one hand, there are many Internet services that keep records of users and differentiate their access rights to certain resources; on the other hand, cybercriminals' attacks on web services have become much more frequent lately. At the same time, in many cases, the weak point of systems exposed to attacks is precisely the authentication system. Authentication methods based on the knowledge factor (e. g. password protection) are the most common and are applied almost everywhere. Their advantages are ease and low cost of implementation. On the other hand, such systems are often vulnerable to various kinds of attacks. It is estimated that up to 80% of successful hacker attacks (including attacks on the largest services with millions of users) succeeded precisely because of the weakness of the password protection system. This paper presents a solution to the problem of passwordless authentication, which can be applied in a number of online services and systems. In particular, we consider the magic link technology and present an authentication system implemented using Keycloak, an open-source software product that implements single sign-on technology. In the future, it is possible to further improve the system, in particular, using adaptive authentication, which allows switching between different authentication mechanisms depending on certain factors.
AB - Nowadays, the problem of identification and authentication on the Internet is more urgent than ever. There are several reasons for this: on the one hand, there are many Internet services that keep records of users and differentiate their access rights to certain resources; on the other hand, cybercriminals' attacks on web services have become much more frequent lately. At the same time, in many cases, the weak point of systems exposed to attacks is precisely the authentication system. Authentication methods based on the knowledge factor (e. g. password protection) are the most common and are applied almost everywhere. Their advantages are ease and low cost of implementation. On the other hand, such systems are often vulnerable to various kinds of attacks. It is estimated that up to 80% of successful hacker attacks (including attacks on the largest services with millions of users) succeeded precisely because of the weakness of the password protection system. This paper presents a solution to the problem of passwordless authentication, which can be applied in a number of online services and systems. In particular, we consider the magic link technology and present an authentication system implemented using Keycloak, an open-source software product that implements single sign-on technology. In the future, it is possible to further improve the system, in particular, using adaptive authentication, which allows switching between different authentication mechanisms depending on certain factors.
KW - Authentication
KW - Magic link technology
KW - Passwordless
UR - http://www.scopus.com/inward/record.url?scp=85121595819&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:85121595819
VL - 3041
SP - 434
EP - 438
JO - CEUR Workshop Proceedings
JF - CEUR Workshop Proceedings
SN - 1613-0073
T2 - 9th International Conference "Distributed Computing and Grid Technologies in Science and Education", GRID 2021
Y2 - 5 July 2021 through 9 July 2021
ER -
ID: 91158906