Nguyen Thi Hong Mai, Nguyen Manh Hung, Dao Ngoc Tu

DOI: https://doi.org/10.5281/zenodo.20720103

In the context of increasingly sophisticated identity theft attacks, the sole reliance on traditional hash functions no longer guarantees absolute security for authentication systems. This paper focuses on the theoretical research of modern password protection algorithms—such as Bcrypt, Scrypt, and PBKDF2—thereby analyzing the technical characteristics that help mitigate specialized hardware attacks. Building on this foundation, the authors propose a Multi-layered Authentication Model that integrates ‘memory-hard’ hashing algorithms with digital security components like Multi-Factor Authentication (MFA). The research findings provide a theoretical framework to support the development of personal data security policies and enhance digital literacy for users within higher education environments

Bcrypt, Digital literacy, Information security, Password hashing, Scrypt

Algorithms such as Bcrypt, Scrypt, and PBKDF2 completely outperform traditional cryptographic hash functions (such as MD5 and SHA-1) due to their randomized salting mechanisms and adjustable workload configuration properties (Work Factor). Notably, the memory-hard signature of Scrypt stands as the most effective barrier against contemporary specialized hardware-driven attacks [5].
In the digital era, standalone passwords are no longer viable as a singular line of defense. Fusing robust hashing algorithms with additional digital security components (such as OTP and Two-Factor Authentication – 2FA) represents the optimal model for safeguarding the sensitive information of faculty and students alike. Cultivating digital literacy does not stop at deploying sophisticated cryptographic algorithms; it equally entails transforming user habits and behavioral awareness regarding personal information security. Ultimately, information security does not rely solely on encryption technologies, but rather on the seamless coordination between technical solutions and user behavior within the digital ecosystem.

[1] Phan Dinh Dieu (2006), Cryptography Theory and Information Security, Vietnam National University Press, Hanoi.
[2] Le Dac Nhuong (2018), Data Security, Vietnam National University Press, Hanoi.
[3] Nguyen Van Tuan, Nguyen Hong Son (2022), "Performance and Security Evaluation of Password Hashing Algorithms in E-Learning Systems", Journal of ICT.
[4] Foley, D. (2019), "Comparative Analysis of Password Hashing Algorithms: Bcrypt, PBKDF2 and Scrypt", University of Dublin.
[5] Percival, C. (2009), "Stronger Key Derivation via Sequential Memory-Hard Functions", BSDCan’09 Conference.
[6] Provos, N., & Mazières, D. (1999), "A Future-Adaptive Password Scheme: Bcrypt", Proceedings of the USENIX Annual Technical Conference.
[7] Stallings, W. (2016), Network Security Essentials: Applications and Standards, Pearson Education, USA.

Nguyen Thi Hong Mai, Nguyen Manh Hung, Dao Ngoc Tu (2026). MULTI-LAYERED AUTHENTICATION MODEL BASED ON THE COMBINATION OF PASSWORD HASHING AND DIGITAL SECURITY FACTORS. International Journal of Computer Techniques, 13(3), 873–. ISSN: 2394-2231. DOI: https://doi.org/10.5281/zenodo.20720103