A More Secure Means of User Authentication through USB Devices

In 2007-2009, over 5 million computers were stolen in the United States. About 21% of the victims used only a log-in password (the password you type in after initially starting your computer) to secure their computers. As many as 46.5% of those surveyed said they had information worth up to $1 million on their computers. (http://www.mactech.com/ 2010/08/03/key-findings-8th-annual-2010-bsi-computer-theft-survey) Users often create weak passwords for their computers, which could allow a malicious agent to guess their password, gaining access to their system. My research involves creating a two-factor authentication system for logging in to computers. While various other token-based (e.g. smart card, USB device) authentication solutions exist for logging into websites and operating systems, my research specifically allows users to employ two-factor authentication with a complex key stored on a flash drive combined with a user's PIN, to log into their computers’ Windows operating systems. The physical authentication factor comes from letting the user utilize any off- the-shelf USB flash drive as the main key. The knowledge authentication factor comes from the user memorizing a 4-digit or longer PIN code. Together, this creates an easy to use, intuitive, and secure authentication system for a user's personal computer. This system could reach a wide audience by being made available free of charge over the internet. Additionally, this project could be used in further research involving hard drive encryption to provide an even more secure solution.