Stealth mode denotes a security feature of 2-factor authentication schemes that provides the following extra security:
- No information about users or authentication tokens is leaked to adversaries (no user enumeration).
- An adversary cannot obtain information about the correct password (not even by trying a few frequently used passwords).
This only applies if the simulation of the second factor cannot be distinguished from the real second factor.
Stealth mode is applicable to 2-factor authentication schemes performed in 2 steps:
1. Usually username/password authentication.
2. An authentication token such as SMS, OTP, grid card, etc. The authentication method may be selected based on user data (see also 17.4.1.11. Selection of authentication method (mixing multiple token-types)).
Potential information leakage without stealth mode
Consider the following typical 2-factor authentication scheme:
Without special security measures, the following information can be gained from the above authentication process:
- "Username + password correct": because the system shows an input field for a token, the attacker knows that the provided password is correct and that the user exists.
- "User unknown": if the system responds differently for existing and non-existing users, an attacker may learn which users exist.
- "User locked": if the system tells unauthenticated users that an account has been locked, an attacker may learn usernames and that denial-of-service is possible.
- "Username/password wrong": depending on the reaction of the system, an attacker may learn that a user exists and that the tried password was wrong.
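The following added example (not code from the original page or from the product it documents) contrasts the two behaviours described above. `LeakyAuth` answers step 1 with a different message for each failure cause, so a probe of a few username/password pairs recovers all four pieces of information listed. `StealthAuth` always answers step 1 with the same generic token prompt, performs the same password-hash work for unknown users as for known ones, and reports failure only after step 2. The user records, password hashes, token delivery `outbox` and the `probe_step1_responses` helper are all constructed for this illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample user records (not from the page): per-user random salt,
# PBKDF2 password hash, lock flag and the token method selected for the user.
PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    locked: bool = False
    token_method: str = "sms"


def make_user(password: str, locked: bool = False, token_method: str = "sms") -> User:
    salt = secrets.token_bytes(16)
    return User(salt, _hash_password(password, salt), locked, token_method)


USERS = {
    "alice": make_user("correct horse"),
    "bob": make_user("hunter2", locked=True, token_method="otp"),
}


class LeakyAuth:
    """Step 1 answers differently for every failure cause, so each answer
    reveals whether the user exists, is locked, or the password was right."""

    def step1(self, username: str, password: str) -> str:
        user = USERS.get(username)
        if user is None:
            return "user unknown"
        if user.locked:
            return "user locked"
        if not hmac.compare_digest(user.pw_hash, _hash_password(password, user.salt)):
            return "password wrong"
        return f"enter {user.token_method} token"


class StealthAuth:
    """Step 1 always answers with the same generic token prompt and does the
    same password-hash work; the outcome of step 1 is only revealed after step 2."""

    def __init__(self):
        self._pending = {}   # session -> (user or None, expected token or None)
        self.outbox = {}     # stands in for the SMS/OTP delivery channel
        self._dummy_salt = secrets.token_bytes(16)
        self._dummy_hash = _hash_password("dummy", self._dummy_salt)

    def step1(self, username: str, password: str) -> tuple[str, str]:
        user = USERS.get(username)
        # Unknown users get a dummy hash check so the request costs the same time.
        salt = user.salt if user else self._dummy_salt
        expected = user.pw_hash if user else self._dummy_hash
        ok = hmac.compare_digest(expected, _hash_password(password, salt))
        session = secrets.token_hex(8)
        if ok and user is not None and not user.locked:
            token = f"{secrets.randbelow(10**6):06d}"
            self._pending[session] = (user, token)
            self.outbox[session] = token   # real token is delivered out of band
        else:
            self._pending[session] = (None, None)   # simulated second factor
        return session, "enter token"

    def step2(self, session: str, token: str) -> str:
        user, expected = self._pending.pop(session, (None, None))
        if user is None or expected is None:
            return "authentication failed"
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return "authentication failed"
        return "authenticated"


# Constructed probe set: correct password, wrong password, locked user, unknown user.
PROBES = [("alice", "correct horse"), ("alice", "wrong"),
          ("bob", "hunter2"), ("nobody", "anything")]


def probe_step1_responses(auth, probes=PROBES) -> set[str]:
    """Collect the distinct step-1 messages an adversary would see across the probes."""
    seen = set()
    for username, password in probes:
        reply = auth.step1(username, password)
        seen.add(reply[1] if isinstance(reply, tuple) else reply)
    return seen


if __name__ == "__main__":
    print("leaky:  ", probe_step1_responses(LeakyAuth()))
    print("stealth:", probe_step1_responses(StealthAuth()))
```

The leaky variant yields four distinct step-1 messages for the four probes; the stealth variant yields one. Note that the generic prompt alone is not enough: the dummy hash check is what keeps the response time for unknown users in line with real ones, and a real deployment must also make the simulated token step (delivery delay, prompt layout, retry behaviour) match the real one, as the condition on the simulated second factor above requires.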