Authentication is becoming more and more secure, for example through the use of multifactor authentication, hardware tokens, or biometric identification. However, in case of theft or loss of the authentication device, most services offer "alternative" authentication methods to recover the account. These are typically much weaker than the primary authentication method, e.g. simply sending a reset link to the configured email address.
The task of this thesis is to analyze existing recovery methods and develop a more secure solution. Possible steps are:
- State of the art analysis of authentication and recovery methods
- Large-scale analysis of the recovery methods that services implement
- Development of a "best practice guide" for recovery methods
- Prototype implementation