"If someone hacks into the server, they could learn the passwords via an offline dictionary attack," he said.

"Learning the passwords wouldn't compromise the second authentication factor, but the user might be using that same password elsewhere.

"The hacker might not be able to log into Facebook if Facebook uses two-factor authentication, but they could log into Twitter if Twitter uses the single-factor authentication using the same password," he said.

Researchers proposed and tested four two-factor schemes that require servers to store a randomized hash of the passwords and a second device, such as the user's security token or Smartphone, to store a corresponding secret code

They present these schemes at several levels of computer system bandwidth, effectively turning four schemes into 13 security options.

"Rather than requiring the user to enter both their password and a PIN generated by an app, the user could enter a password, and their Smartphone could automatically send a PIN over a Bluetooth connection or through a simple QR code," Saxena said.

Saxena and his co-authors, UAB graduate student Maliheh Shirvanian, Stanislaw Jarecki and Naveen Nathan of the University of California at Irvine, have analyzed each scheme in terms of security provided, usability and deployability.

"With each of our proposals, you get a high level of security with the same or better level of usability than the current two-factor authentication schemes," researchers said.

Read More:

New Record Set For Data-Transfer Speeds

India Still Vulnerable To Information Security Threats: EC Council