
Is it possible to design a system with two password prompts?

  1. The system will have to prompt for two passwords
  2. The system would have to validate first password before prompting for second password
  3. User cannot be prompted for second password until first password is correctly supplied
  4. The two passwords are stored in separate DB locations
  5. AD, LDAP and/or AAA systems will be updated with the same dual password information

This dual-password login would be primarily for system logins: username and first password for local login; first and second password prompts for remote login. The second password will be tied to the network interface (NIC, I/O interrupt) so that the system would know when a user is attempting to log in remotely and when the user is logging in locally.

I have read this post Two passwords for one account.

Benefit:

  1. Assuming the system is implemented on a home or standalone computer with Internet connectivity, hackers can steal the local password via social engineering or keystroke logging, but because the user is not using the second password (the remote password), stealing the local password is useless: the hacker will not be able to log in remotely without the remote password.

  2. In a network environment (e.g. a server), when the local Admin password is stolen, the hacker also has to steal the remote password in order to log in remotely.

2 Answers


Is it possible to design a system with two password prompts?

Yes, TOTP is the first thing that comes to mind: the user enters his login and password; if they are correct, the system asks for the TOTP. This should be the default login system everywhere.

I have something like that on one of my servers: if you SSH in from within the VPN connection, you can log in just with key authentication. If you reach the external IP, you must provide a TOTP too.

the hacker stealing the local password is useless because he will not be able to log in remotely without the remote password.

If the hacker can steal the first password via social engineering, he will surely be able to steal the second too.

The second password will be tied to the network interface (NIC, I/O interrupt) so that the system would know when a user is attempting to log in remotely and when the user is logging in locally.

And this is easily defeated.

As soon as the hacker runs code on the local computer, he can do anything. He can install a proxy and access it remotely, and to the system the access is local. He could keep a program running, talking to a system the hacker controls, to either provide real-time execution (a console) or send/receive data periodically.

If your system needs security, use TOTP, or a hardware token, or both. That's how Multi Factor Authentication is implemented.

ThoriumBR
  • I noticed that most of the time, people, including me, are confused about system admin login vs application login. For instance, in network systems such as routers and switches, CLI/GUI access using SSH is used. Time-based one-time passwords can work perfectly for web applications, but I am not completely sure how that works with admin access to Linux, Unix, routers and switches. – Ninja64 Apr 07 '22 at 14:52
  • `ssh user@server`, system asks password, user enters password, system asks OTP, user goes to the phone, reads the token, enters the token, system gives shell to user. – ThoriumBR Apr 07 '22 at 14:56
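The password-then-TOTP flow ThoriumBR describes, together with the "key from inside the VPN, TOTP from outside" policy from the same answer, as an added Python example that is not code from the original thread. It implements RFC 6238 TOTP with only the standard library, a PBKDF2 password check, a source-address policy, and a two-stage login that never issues the second prompt unless the first factor verifies. The VPN range 10.8.0.0/24, the user-record layout, and the `prompt_otp` callback are assumptions made for illustration; the RFC 6238 test secret is used as a sample seed.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# --- TOTP (RFC 6238: HMAC-SHA1, 30-second step, 6 digits) ------------------

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Return the TOTP code for a raw shared secret at the given Unix time."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side (clock drift)."""
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * 30)
        if hmac.compare_digest(expected, code):     # constant-time compare
            return True
    return False


# --- Password storage (PBKDF2-HMAC-SHA256 with a per-user salt) -------------

def make_user(username: str, password: str, totp_secret: bytes) -> dict:
    """Constructed user record; a real system would keep this in its directory."""
    salt = os.urandom(16)
    return {
        "name": username,
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
        "totp_secret": totp_secret,
    }


def verify_password(user: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    return hmac.compare_digest(candidate, user["pw_hash"])


# --- Policy: which factors a connection must present --------------------------

VPN_NET = ipaddress.ip_network("10.8.0.0/24")   # assumed internal/VPN range


def required_factors(source_ip: str) -> list:
    """Inside the VPN the first factor suffices; from anywhere else TOTP is also required."""
    if ipaddress.ip_address(source_ip) in VPN_NET:
        return ["password"]
    return ["password", "totp"]


# --- Two-stage login -----------------------------------------------------------

def login(user: dict, password: str, source_ip: str, prompt_otp, unix_time: int) -> str:
    """Stage 1 (password) must succeed before stage 2 (TOTP) is even prompted for."""
    if not verify_password(user, password):
        return "denied: password"
    if "totp" not in required_factors(source_ip):
        return "ok: single factor (trusted network)"
    code = prompt_otp()                              # the second prompt happens only here
    if not verify_totp(user["totp_secret"], code, unix_time):
        return "denied: totp"
    return "ok: two factors"
```

The `prompt_otp` callback stands in for the interactive "system asks OTP" step of the `ssh user@server` exchange; because it is only called after `verify_password` returns true, a wrong first password never reveals whether a second factor exists. The trusted-network shortcut in `required_factors` is the part the answer warns about: anything that makes a connection appear to originate from a trusted address (a process on the host itself, for instance) is granted the single-factor path, which is why the answer recommends TOTP or a hardware token as the default rather than relying on where a login appears to come from.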

It's been done before by Digital Equipment Corp (DEC) in their VMS operating system: two-password authentication (presumably for two people to authenticate access to an account). Combined with a 'remote login disabled' feature it seemed pretty secure (at the time). I loved working with VMS and the great degree of security that could be configured. The logging system was very detailed and could go from very passive to ridiculously secure logging (and announcing) of every single file and security action that happened.