
Research Article
Security Analysis of Google Authenticator, Microsoft Authenticator, and Authy
@INPROCEEDINGS{10.1007/978-3-031-56583-0_13,
  author={Aleck Nash and Hudan Studiawan and George Grispos and Kim-Kwang Raymond Choo},
  title={Security Analysis of Google Authenticator, Microsoft Authenticator, and Authy},
  proceedings={Digital Forensics and Cyber Crime. 14th EAI International Conference, ICDF2C 2023, New York City, NY, USA, November 30, 2023, Proceedings, Part II},
  proceedings_a={ICDF2C PART 2},
  year={2024},
  month={4},
  keywords={Security analysis, Man-in-the-middle (MITM) attack, Authenticator applications, Authentication protocols},
  doi={10.1007/978-3-031-56583-0_13}
}
- Aleck Nash
- Hudan Studiawan
- George Grispos
- Kim-Kwang Raymond Choo
Year: 2024
ICDF2C PART 2
Springer
DOI: 10.1007/978-3-031-56583-0_13
Abstract
As the use of authenticator applications for two-factor authentication (2FA) has become increasingly common, there is a growing need to assess the security of these applications. In this paper, we present a security analysis of authenticator applications that are widely used on various platforms, such as Google Authenticator, Microsoft Authenticator, and Authy. Our analysis includes an examination of the security features of these applications (e.g., level of protection) as well as the communication protocols used between the applications and the servers. Our results show that these applications have significant vulnerabilities that could compromise the security of the authentication process. Specifically, we found that some authenticator applications store sensitive data, such as secret keys, in plain text, making them vulnerable to attacks. Overall, our findings indicate that there is a need for better security practices in the design and implementation of authenticator applications. We recommend that developers follow best practices for secure coding and use well-established cryptographic algorithms to generate one-time codes.