Anonymous and Practical Multi-factor Authentication for Mobile Devices Using Two-Server Architecture

At present, password authentication technology using single-server architecture has been widely used in practice. However, it cannot resist internal privilege attack, dictionary guessing attack, and other attacks. To solve the above problems, this paper proposes an anonymous and practical multi-factor authentication protocol for mobile devices using two-server architecture with honeywords. The protocol is more secure than the existing single-factor authentication protocols, and can solve serious security problems such as internal privilege attack and direct leakage of private data after the server is compromised using a single server architecture. The strict security analysis proves that the protocol is secure. Compared to similar protocols, our protocol needs lower computation and communication costs, and can better meet the practical application requirements.