Implementation of Layered User Verification in Web Applications Using Google Authenticator-Based Two-Factor Authentication

Riski Yanti; Nurdin; Al Khaidar

doi:10.59934/jaiea.v5i1.1769

Authors

Riski Yanti Program Studi Magister Teknologi Informasi, Universitas Malikussaleh
Nurdin Program Studi Magister Teknologi Informasi, Universitas Malikussaleh
Al Khaidar Program Studi Magister Teknologi Informasi, Universitas Malikussaleh

DOI:

https://doi.org/10.59934/jaiea.v5i1.1769

Keywords:

Two Factor Authentication, Google Authenticator, Security

Abstract

This study discusses the implementation of a layered security system using the Two-Factor Authentication (2FA) method based on the Google Authenticator application on a website login system. The purpose of this study is to improve authentication security without sacrificing user convenience. The methods used include system performance testing by measuring login time and error rate, as well as usability evaluation using the System Usability Scale (SUS). Tests were conducted on 10 users for statistical analysis and 20 respondents for the usability test. The test results show that the average login time without 2FA is 2.11 seconds, increasing to 4.49 seconds after the implementation of 2FA, with the results of the paired t-test producing a t value = -21.8 and p-value = 0.00001, which indicates a statistically significant difference. The average SUS score obtained was 85.1, included in the very good category, which indicates that the system remains easy to use despite the additional authentication process. Blackbox testing results showed that all features functioned as expected, with a system success rate of 92.31% and a non-conformance rate of 7.69%. Risk evaluations and fallback solutions were also developed to address potential issues such as lost devices or forgotten backup keys. Thus, the developed 2FA system proved secure, effective, and user-friendly, and is suitable for enhancing login security in web-based applications.

Downloads

Download data is not yet available.

References

A. Khaidar, M. Azzanna, R. Rahmad, A. Hasibuan, M. Daud, and N. Nurdin, “Information Systems and Information Technology Strategies in the EMIS (Education Management Information System),” Journal of Artificial Intelligence and Software Engineering, vol. 5, no. 3, 2025.

A. A. Fauzi, S. Kom, M. Kom, B. Harto, I. M. Dulame, P. Pramuditha, and S. T. ST, Pemanfaatan Teknologi Informasi di Berbagai Sektor Pada Masa Society 5.0. Indonesia: PT. Sonpedia Publishing, 2023.

A. Fricticarani, A. Hayati, I. Hoirunisa, and G. M. Rosdalina, “Strategi pendidikan untuk sukses di era teknologi 5.0,” Jurnal Inovasi Pendidikan dan Teknologi Informasi (JIPTI), vol. 4, no. 1, pp. 56–68, 2023.

S. Azizah, Z. N. Ula, D. Mutiara, and M. P. Prameswari, “Keamanan siber sebagai fondasi pengembangan aplikasi keuangan mobile: Studi literatur mengenai cybercrime dan mitigasinya,” Akuntansi dan Teknologi Informasi, vol. 17, no. 2, pp. 221–237, 2024.

R. D. N. I. Sari, M. Istan, and H. Hendrianto, “Pengaruh Transformasi Sistem Keamanan dan Penggunaan Teknologi Baru Terhadap Serangan Siber pada Data Nasabah,” Doctoral dissertation, Institut Agama Islam Negeri (IAIN) Curup, 2025.

L. Judijanto, Y. P. Pasrun, T. B. Rohman, I. G. I. Sudipa, R. Selviana, I. D. G. A. Pandawana, and N. G. Permata, Sistem Informasi: Teori dan Penerapannya di Berbagai Bidang. Indonesia: PT. Sonpedia Publishing, 2025.

Z. K. Kadir, “Kejahatan berbasis identitas digital: Menggagas kebijakan kriminal untuk dunia metaverse,” Jurnal Litigasi Amsir, vol. 12, no. 2, pp. 124–137, 2025.

S. Bamashmos, N. Chilamkurti, and A. S. Shahraki, “Two-layered multi-factor authentication using decentralized blockchain in an IoT environment,” Sensors, vol. 24, no. 11, p. 3575, 2024, doi: 10.3390/s24113575.

V. Papaspirou, M. Papathanasaki, L. Maglaras, I. Kantzavelou, C. Douligeris, M. A. Ferrag, and H. Janicke, “A novel authentication method that combines honeytokens and Google Authenticator,” Information, vol. 14, no. 7, p. 386, 2023, doi: 10.3390/info14070386.

P. T. Tran-Truong, M. Q. Pham, H. X. Son, D. L. T. Nguyen, M. B. Nguyen, K. L. Tran, L. C. P. Van, K. T. Le, K. H. Vo, N. N. T. Kim, T. M. Nguyen, and A. T. Nguyen, “A systematic review of multi-factor authentication in digital payment systems: NIST standards alignment and industry implementation analysis,” Journal of Systems Architecture, vol. 162, p. 103402, 2025, doi: 10.1016/j.sysarc.2025.103402.

T. Aprilia, B. S. Pitoyo, A. Fauzi, R. G. Ramadhanti, R. D. Nurazizah, E. T. Wanti, and A. R. Prasetyo, “Pengaruh Keamanan Two Factor Authentication Terhadap Pencurian Data (Cyber Crime) Pada Media Sosial,” Madani: Jurnal Ilmiah Multidisiplin, vol. 2, no. 5, 2024.

R. S. Baidury, L. Kamajaya, and Fitri, “Two Factor Authentication (2FA) pada Pengunci Panel Box Menggunakan Face ID & Radio Frequency Identification (RFID),” Kohesi: Jurnal Sains dan Teknologi, vol. 3, no. 4, pp. 57–67, 2024.

M. Z. Siregar, N. F. I. E. Trisna, R. Alya, Z. Z. Nasution, M. Yusuf, and N. Harahap, “Penerapan Autentikasi Dua Faktor untuk Keamanan Data Pribadi di Instagram: Perspektif Mahasiswa UINSU Stambuk 21,” Triwikrama: Jurnal Multidisiplin Ilmu Sosial, vol. 6, no. 7, pp. 41–50, 2025, doi: 10.6578/triwikrama.v6i7.9683.

T. Suleski, M. Ahmed, W. Yang, and E. Wang, “A review of multi-factor authentication in the Internet of Healthcare Things,” Digital Health, vol. 9, May 2023, Art. no. 20552076231177144, doi: 10.1177/20552076231177144.

A. Hannan, F. Hussain, N. Ali, M. Ehatisham-Ul-Haq, M. U. Ashraf, A. Mohammad Alghamdi, and A. Saeed Alfakeeh, “A decentralized hybrid computing consumer authentication framework for a reliable drone delivery as a service,” PLoS One, vol. 16, no. 4, p. e0250737, Apr. 2021, doi: 10.1371/journal.pone.0250737.