Purpose ‐ The SOUL System aims to provide a low-cost secure online two-factor authentication system that involves both a password and a security token in the form of an ordinary electronic container. Its main goal is to design and build a system that can easily be integrated
to existing websites to make the login and registration processes more secure. Design/methodology/approach ‐ The three main parts of the system are the website, the ordinary hardware device, and trusted third party. The website must first be integrated with the web API provided
and then registered to the trusted third party website to allow two-factor authentication. It must be registered to the trusted third party so that it can be used to register and login to SOUL System integrated websites. Findings ‐ The design and implementation of the proposed
two-factor authentication system makes use of the hybrid cryptosystem, one-time passwords, hash functions, trusted third parties, steganographic techniques, signed java applets and cross-language cryptographic libraries. It protects users from well known attacks such as brute-force attacks,
collision attacks, dictionary attacks, keylogger attacks, man-in-the-middle attacks, and even replay attacks. Currently, the system can be integrated to websites built in PHP, Python, and Java. Originality/value ‐ The SOUL System is the first two-factor authentication system
that uses both cryptography and steganography to provide secure online authentication with an ordinary USB flash drive. It is designed to work in major operating systems such as Windows, Mac OS X, and Linux with very minimal installation.