Authors :
Ruhee; Prakash O. S.; Dr. Girish Kumar D.
Volume/Issue :
Volume 11 - 2026, Issue 5 - May
Google Scholar :
https://tinyurl.com/32umns8j
Scribd :
https://tinyurl.com/ym4zmsb5
DOI :
https://doi.org/10.38124/ijisrt/26May311
Abstract :
Web applications increasingly handle sensitive personal and organisational information, so the security of user
authentication is essential. Traditional password methods are still common, but they are vulnerable to threats like
password reuse, brute force attacks, and phishing. Multi-factor authentication (MFA) offers better access control.
However, many systems overlook the human factor, which plays a significant role in security incidents. This paper describes
the design and implementation of a one-time-password-based multi-factor authentication system that includes a cyber awareness
chatbot, voice assistant and spam checker. The proposed system improves authentication by combining password
validation with an email-based one-time password (OTP). It also educates users about common cybersecurity risks through
an interactive chatbot. The system is built using the Flask web framework and a MySQL database, and its experimental evaluation
shows stronger resistance to unauthorised access and increased user awareness. This suggests that merging authentication
with education can create more effective security for web applications.
Keywords :
Multi-Factor Authentication, One-Time Password, Cyber Awareness, Chatbot, Web Application Security, Human Factor Security.