Two-factor authentication (2FA) is a widely adopted security measure that requires users to provide an additional layer of authentication beyond a username and password in order to access protected resources. While traditional 2FA methods rely on the user to manually enter a code or token, the use of machine learning (ML) has the potential to revolutionize 2FA by enabling automatic and continuous verification of a user’s identity. In this paper, we propose a continuous zero effort 2FA system that uses ML to verify a user’s identity based on the unique characteristics of their environment, including beacon frame characteristics and RSSI values collected from Wi-Fi access points (APs). This system allows for seamless and automatic authentication without requiring any additional input or action from the user beyond their initial login. Additionally, the continuous authentication feature of the proposed system ensures that access to protected resources is maintained only when the user’s two devices are co-located. Through experiments, we demonstrate the effectiveness of the proposed system in determining the location of the user’s devices based on beacon frame characteristics and Received Signal Strength Indicator (RSSI) values. The proposed system offers a convenient and secure solution for 2FA that utilizes the power of ML to enable automatic and continuous authentication. Furthermore, its scalability, flexibility, and adjustability make it a promising option for organizations and users who need a secure and convenient authentication system. Finally, we have included three Python codes in the appendix, which provide further insights into our evaluation and analysis of the proposed system.

Traditional two-factor authentication (2FA) systems often require users to enter a code or use a physical token, which can be inconvenient or inconvenient. In this paper, we propose a novel zero-effort 2FA system that utilizes the characteristics of ambient access points (APs) visible to users’ devices to authenticate them without requiring user interaction. The proposed system is flexible and adaptable, allowing for the adjustment of various parameters such as the range of acceptable distances between the user’s devices and the minimum number of APs required for authentication. It is also robust, with features to handle situations where there may be a lack of APs in the user’s environment or the user does not have access to their mobile device. Additionally, the proposed system takes user privacy into consideration by limiting the storage of sensitive information and purging data related to a user’s session after it is complete. The proposed system is a secure and user-friendly solution for 2FA that can be easily implemented in various settings. Finally, the proposed system was tested and evaluated, and the results showed that it is effective in authenticating users while maintaining a high level of security.