Implementation of Two-Factor Authentication (2FA) to Enhance the Security of Academic Information System

摘要

Academic information system play an important role to serve the information technology needs of the academic programs at University of Lampung these system are usually implemented on higher education in order to provide a validity and reliability of academic data. University of Lampung (Unila) has a long history in development of Academic Information System (Siakad), starting with manual system, semi-online and full online. To enhance the security level of Siakad application, further more in this study, described the design and implementation process of two-Factor Authentication (2FA) that was already deployed on Siakad application and running well, since, 2013 it used the account knowledge (username/password) and also account possession (security token on users mobile phone) factors. Both of these factors are implemented for user authentication, it proven that the security become better and made it more difficult to bypass and minimize the possibility of unauthorized access. Data retrieval of system usage statistic conducted, since, April 2014 until April 2016 from the system report shown there were total 29483 time One Time Password (OTP) code sent to user?s mobile phone. Usually on January or August each year there will be an increased number of OTP code sent to user because on January was the end of even semester and August was the end of odd semester. The most popular cellular provider used by user was TELKOMSEL with total 77% registered number, INDOSAT with 18% number used, XL with 3% number registered and TRI with total 2% number registered with this various number of cellular number usage, we analyzed that mean time the OTP code delivery was 22.87 sec, this mean time value was still within the threshold of tolerance time accepted by user, indicated the system research as well.