International Journal of Innovative Research in Computer and Communication Engineering
ISSN Approved Journal | Impact factor: 8.771 | ESTD: 2013 | Follows UGC CARE Journal Norms and Guidelines
| TITLE | Hybrid Authentication System using JSON Web Tokens and Multi-Factor Authentication for Securing Web Applications |
|---|---|
| ABSTRACT | As online services and web applications continue to grow rapidly, secure user authentication has become a critical concern in modern cybersecurity. Traditional authentication methods that rely solely on usernames and passwords are highly vulnerable to attacks such as brute-force attacks, phishing, credential theft, and session hijacking. This research proposes a Hybrid Authentication System that integrates JSON Web Tokens (JWT) and Multi-Factor Authentication (MFA) to enhance web application security. JWT is utilized for stateless session management, while Time-Based One-Time Passwords (TOTP) provide an additional layer of security. The system is implemented using FastAPI and Streamlit frameworks. The results demonstrate improved security, scalability, and stronger resistance to unauthorized access compared to traditional authentication systems. |
| AUTHOR | CHEDE YASWANTH, DESIREDDY GOPAL REDDY, JAVVAJI NAVYA, KASTURI GOWTHAM, KRISTAVARAPU JAGADEESH, M. GANESH BABU. B. Tech Student, Department of CSE, Sir C R Reddy College of Engineering, Eluru, A.P., India; Assistant Professor, Department of Computer Science and Engineering, Sir C R Reddy College of Engineering, Eluru, A.P., India |
| VOLUME | 183 |
| DOI | 10.15680/IJIRCCE.2026.1404019 |
| KEYWORDS | |