In the interest of digital security, 2-Factor Authentication (2FA) has been widely used across different sites and applications to secure and authenticate a user's identity. The Time-Based One-Time Password (TOTP) algorithm is one of the most utilized algorithms for 2FA because of its reliability in securing user access by generating a code that has a limited validity, usually 30 seconds or less. TOTP generates a code using the current time and a secret key. Despite the security TOTP provides, delivery of the code through SMS is still vulnerable to interception by a third party, since the connection between the client and the server can be insecure. This paper proposes an enhancement to the TOTP algorithm by applying AES encryption to the generated code before delivering it to the client. This paper shows that applying AES to the TOTP algorithm has helped generate a stronger OTP and has made it harder for hackers to crack.
Keywords:
AES; OTP; secret key; Time-Based One-Time Password Algorithm; 2-Factor Authentication
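The TOTP behaviour the abstract describes (a code derived from the current time and a secret key, valid for one 30-second step) is standardised in RFC 6238. The following is an added example, not code from the paper, that generates and verifies such codes. The secret is the RFC 6238 test key, `verify` and its `window` parameter are hypothetical names, and the paper's AES step is not shown because the abstract gives no mode or key handling.

```python
import hashlib
import hmac
import struct

# RFC 6238 test secret (public test value, never use in production).
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(unix_time) // step, digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step or +/- `window` steps.

    Every candidate is compared in constant time, and the loop does not
    exit early, so timing does not reveal which step matched.
    """
    counter = int(unix_time) // step
    candidate = submitted.encode("utf-8", "replace")
    ok = False
    for c in range(max(0, counter - window), counter + window + 1):
        expected = hotp(secret, c, digits).encode()
        ok |= hmac.compare_digest(expected, candidate)
    return ok


if __name__ == "__main__":
    issued_at = 59  # constructed timestamp from the RFC 6238 test table
    code = totp(TEST_SECRET, issued_at)
    print("code:", code)
    print("next step:", verify(TEST_SECRET, code, issued_at + 1))
    print("two steps later:", verify(TEST_SECRET, code, issued_at + 61))
```

The `window` value sets how long an intercepted code stays usable: with `window=1` and a 30-second step, a code is accepted for up to roughly 90 seconds.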