Two-factor authentication can significantly reduce risks of compromised accounts by protecting from the majority of password-leak based attacks. RADIUS protocol is a popular method of providing the second-factor authentication. This paper presents an innovative approach to enrolling users in RADIUS protocol based two-factor authentication. It describes a RESTful API, which complements the standard RADIUS protocol by adding the possibility of self-service second-factor enrollment. It also demonstrates a proof of concept RADIUS appliance and the web-based management interface as well as examples of API integration with a number of products.

Paper is available here: https://archive-ouverte.unige.ch/unige:101282