Programming Challenge: Adaptive Multi-Factor Authentication (MFA) System (Jan 25, 2025)

Challenge:

Design and implement a basic adaptive MFA system that enhances security while minimizing friction for users. The system should prompt for MFA only when risk factors are detected (e.g., logging in from a new device, unusual location, or repeated failed login attempts).

Basic Requirements:

Implement user authentication with a username and password.
Implement MFA using a One-Time Password (OTP) (via email, SMS, or authenticator app).
Introduce risk-based authentication, triggering MFA only when certain conditions are met (e.g., new IP, failed login attempts).

Bonus Features for Enterprise-Level Security:

🔹 Device Fingerprinting: Store known devices and only require MFA on new ones.
🔹 Geolocation & IP Checks: Flag logins from unusual locations.
🔹 Behavioral Analysis: Detect anomalies in login behavior (e.g., too many login attempts, high-speed location changes).
🔹 OAuth/OpenID Integration: Implement MFA with OAuth2, OpenID Connect, or SAML.
🔹 Integration with an IAM System: Use services like AWS Cognito, Okta, or Microsoft Entra ID.
🔹 Adaptive MFA Bypass: Allow trusted users to log in with passwordless authentication if low risk is detected.

Example Implementation (Python + Flask + OTP)

import secrets
import time

# Sample user database with last login IP and last login timestamp
# (plaintext password kept only to keep the sample short)
users = {
    "jessica": {"password": "secure123", "last_ip": "192.168.1.1", "last_login": time.time()}
}

def requires_mfa(username, current_ip):
    user = users.get(username)
    if not user:
        return False  # User not found; the caller must reject the login itself

    # MFA triggers:
    if current_ip != user["last_ip"]:  # New IP detected
        return True
    if time.time() - user["last_login"] > 86400:  # 24-hour timeout
        return True
    return False

def generate_otp():
    # secrets draws from the OS CSPRNG; random is predictable and unsuitable for OTPs
    return secrets.randbelow(900000) + 100000  # 6-digit OTP

# Simulate login (password check omitted in this sample)
username = "jessica"
current_ip = "203.0.113.42"  # Simulating a new IP
if requires_mfa(username, current_ip):
    otp = generate_otp()
    print(f"MFA Required! Your OTP is: {otp}")
else:
    print("Login successful, no MFA needed.")
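
The sample above generates a code but never checks one. As an added example (not part of the original post), here is one way to handle the OTP's lifecycle: expiry, a cap on wrong guesses, single use and constant-time comparison. The names issue_otp, verify_otp, OTP_TTL, MAX_ATTEMPTS and the in-memory store are assumptions made for illustration.

```python
import hmac
import secrets
import time

OTP_TTL = 300       # seconds a code stays valid (assumed policy value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per challenge (assumed policy value)
_pending = {}       # username -> open challenge; stand-in for a real server-side store

def issue_otp(username, now=None):
    """Open a fresh challenge and return the code to deliver out of band."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; keeps leading zeros
    # Issuing again overwrites any earlier challenge, so old codes stop working.
    _pending[username] = {"otp": otp, "expires": now + OTP_TTL, "attempts": 0}
    return otp

def verify_otp(username, submitted, now=None):
    """Return True exactly once for the right code within TTL and attempt limits."""
    now = time.time() if now is None else now
    challenge = _pending.get(username)
    if challenge is None:
        return False                         # nothing issued, or already used
    if now > challenge["expires"] or challenge["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]               # expired or guessed out: burn it
        return False
    challenge["attempts"] += 1               # count before comparing
    # compare_digest avoids leaking how many leading digits matched via timing
    ok = hmac.compare_digest(str(submitted).encode(), challenge["otp"].encode())
    if ok:
        del _pending[username]               # single use: a replay must fail
    return ok

if __name__ == "__main__":
    code = issue_otp("jessica")              # constructed sample user
    print("first try :", verify_otp("jessica", code))
    print("replay    :", verify_otp("jessica", code))
```

Passing `now` explicitly lets the expiry path be exercised without sleeping.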