Multimodal authentication system with facial recognition and TOTP for adaptable secure access
Abstract
The increasing sophistication of cyber threats has revealed the limitations of password-based authentication mechanisms. Although multifactor authentication (MFA) has emerged as a security standard, traditional MFA schemes often impose rigid verification flows that negatively impact usability and system adoption. This work presents the design, implementation, and evaluation of a flexible multimodal authentication system that enables user verification through facial recognition or a time-based one-time password (TOTP), in combination with a conventional password. The system was developed in Python following a Model–View–Controller (MVC) architecture to ensure modularity, maintainability, and scalability. The biometric module integrates OpenCV and the face_recognition library to extract and validate facial embeddings, while PyOTP enables TOTP generation and verification under the RFC 6238 standard. Experimental results demonstrate a biometric accuracy of 85%, an average authentication time of 2.1 seconds, and a False Acceptance Rate (FAR) of 0.8%. Meanwhile, TOTP validation achieved a 94% success rate. These results demonstrate that a flexible OR-based MFA approach can balance usability and security, making the system a viable alternative for academic environments, research prototyping, and low-infrastructure scenarios that require secure yet user-friendly identity verification mechanisms.
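The flexible OR-based flow described in the abstract, as an added sketch that is not the authors' code: the password is always required, and either a TOTP code or a face embedding satisfies the second factor. It uses only the Python standard library in place of PyOTP and face_recognition; the PBKDF2 password hash, the 0.6 distance tolerance, the one-step drift window and the `USER` record are assumptions.

```python
import hashlib, hmac, math, struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for Unix time `at`."""
    counter = struct.pack(">Q", max(int(at), 0) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, at: float,
                window: int = 1, step: int = 30) -> bool:
    """Accept the current time step and +/- `window` steps to absorb clock drift."""
    ok = False
    for drift in range(-window, window + 1):     # no early exit: check every step
        expected = totp(secret, at + drift * step, step)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the abstract does not name the password hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def face_matches(enrolled, probe, tolerance: float = 0.6) -> bool:
    # Embeddings match when their Euclidean distance is within the assumed tolerance.
    return math.dist(enrolled, probe) <= tolerance

def authenticate(user, password, *, now, totp_code=None, face_embedding=None) -> bool:
    """Password AND (TOTP OR face). Supplying no second factor is a denial."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    second_ok = False
    if totp_code is not None:
        second_ok |= verify_totp(user["totp_secret"], totp_code, now)
    if face_embedding is not None:
        second_ok |= face_matches(user["face"], face_embedding)
    return pw_ok and second_ok

# Constructed sample account: RFC 6238 test secret and a synthetic 128-d embedding.
SALT = b"constructed-salt"
USER = {"salt": SALT, "pw_hash": hash_password("correct horse", SALT),
        "totp_secret": b"12345678901234567890", "face": [0.10] * 128}

if __name__ == "__main__":
    print(authenticate(USER, "correct horse", now=59, totp_code="287082"))
    print(authenticate(USER, "correct horse", now=59, face_embedding=[0.12] * 128))
    print(authenticate(USER, "correct horse", now=59))
```

A deployment would also record the last accepted time step per user, since RFC 6238 requires that a code not be accepted a second time after a successful validation.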
Copyright (c) 2026 Innovation and Software

This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors exclusively grant the right to publish their article to the Innovation and Software Journal, which may formally edit or modify the approved text to comply with its own editorial standards and with universal grammatical standards, prior to publication. Likewise, our journal may translate the approved manuscripts into as many languages as it deems necessary and disseminate them in several countries, always giving public recognition to the author or authors of the research.