One of the most important requirements of information security is to authenticate the identity of the object, who authorized to use the system computing resources such as account access, read and edit documents for the information system of state agencies, or conduct online transactions in e-commerce systems. The most popular online authentication method is to use a password. However, in the current context, the safety of this method is not high. To increase the security for authentication process, the password should be used with other factors, or called multi-factor authentication. This article will introduce a method to build multi- factors authentication system for a website.

[1]. M. S. Merkow, and J. Breithaupt, Information Security Principles and Practices. NJ, Prentice Hall, 2005.

[2]. E. Gilman, and D. Barth, Zero Trust Networks: Building Secure Systems in Untrusted Networks, 1st edition, Califonia: O'Reilly Media, 2017.

[3]. Le Phuong, “The bank has simultaneously changed the way to receive OTP codes from today”, Jul. 01, 2019. [Online]. Available: https://bnews.vn/ngan-hang-dong-loat-doi-cach-nhan-ma-otp-tu-hom-nay/126768.html. [Accessed Jan. 11, 2020].

[4]. C. J. Wu, and J. D. Irwin, Introduction to Computer Networks and Cybersecurity. Florida: CRC Press, 2017.

[5]. Internet Engineering Task Force, “TOTP: Time-Based One-Time Password Algorithm”. Internet Engineering Task Force, RFC6238, 2011. [Online]. Available: https://tools.ietf.org/html/rfc6238. [Accessed Jan. 11, 2020].

[6]. J. R. Vacca, Computer and Information Security Handbook. Massachusetts: Morgan Kaufmann, 2017.

[7]. Google, “Google Authenticator OpenSource”, Dec. 06, 2018. [Online]. Available: https://github.com/google/google-authenticator. [Accessed Jan. 11, 2020].