Construction of a secure two-factor user authentication system using fingerprint information and password

User authentication is highly necessary technology in a variety of services. Many researchers have proposed a two-factor authentication scheme using certificate and OTP, smartcard and password, and so on. Two-factor authentication requires an additional factor rather than one-factor authentication. Therefore, loss or exposure can occur, since users always must carry and manage the additional device or factor. For this reason, biometric authentication, used in many services, needs a verification method of the user without an additional factor. Fingerprinting is widely used in service due to excellent recognition, low cost device, and less user-hostile. However, fingerprint recognition always uses the same fingerprint template, due to the inalterability. This causes a problem of reusable fingerprint by a malicious attacker. Therefore, we proposed a secure two-factor user authentication system using fingerprint information and password to solve the existing two-factor problem. The proposed scheme is secure against reuse of a fingerprint. It does not need an extra device, so efficiency and accessibility are improved.