One-Time-Username: A Threshold-based Authentication System

Abstract Due to the complexity and volume, memorizing static usernames and passwords is deemed to be one of the most cumbersome tasks for ordinary users. Nevertheless, verifying the access legitimacy of a user without using a verification table and securely granting permissions based on an access control policy assigned to the user are two critical challenges to build an authentication scheme which is practical and effective. Traditional approaches either completely ignore the importance of user-centric access control or rely on a single point of verification or a third party authority; but in practice, access control and distributed verifiers are important for enhancing security and dealing with the dynamics caused by the user online browsing activities. In this paper, we propose a threshold-based authentication system leveraging user computing devices and allowing users to designate various permissions. Various (t,n) physical or virtual devices can participate to run an authentication protocol and provide the user with a one-time credential to access an online banking system. Our evaluation and results show that the solution is not only practical, but it also minimizes the risks associated with traditional approaches.