T2FA: Transparent Two-Factor Authentication

Traditional username and password-based single-factor authentication is easy to deploy but vulnerable to dictionary attacks, snooping, and brute force attacks. Two-factor authentication (2FA) has been proposed to improve the security, where smart devices are used as the second authentication factor. However, the interaction between human and the smart device is required, which is inconvenient to users. In addition, an attacker is able to get the second authentication factor through fraud, thus invalidating current 2FA mechanisms. In order to solve these problems, we propose a transparent two-factor authentication (T2FA) based on physical unclonable function (PUF) and voiceprint. The second authentication authenticates the user's mobile phone through the PUF. The third one is to determine whether the login terminal and the user's mobile phone are in the same environment with the environment voiceprint. The second and third authentication in the second factor is completely transparent to users. Therefore, T2FA avoids the tedious interaction and provides the same high user experience satisfaction as the single-factor authentication and exhibits high security simultaneously. Moreover, the fraud is eliminated technically due to the transparency of the authentication.