DIKA, GEA FABRIAN (2025) Implementasi Efektivitas Keamanan Multi-Factor Authentication (MFA) terhadap Serangan Credential Stuffing. S1 thesis, Universitas Mercu Buana-Menteng.
![[img]](https://repository.mercubuana.ac.id/style/images/fileicons/text.png) |
Text (COVER)
41521110013-GEA FABRIAN DIKA-01 Cover - GEA FABRIAN DIKA.pdf Download (465kB) |
|
Text (BAB I)
41521110013-GEA FABRIAN DIKA-02 Bab 1 - GEA FABRIAN DIKA.pdf Restricted to Registered users only Download (242kB) |
|
Text (BAB II)
41521110013-GEA FABRIAN DIKA-03 Bab 2 - GEA FABRIAN DIKA.pdf Restricted to Registered users only Download (289kB) |
|
Text (BAB III)
41521110013-GEA FABRIAN DIKA-04 Bab 3 - GEA FABRIAN DIKA.pdf Restricted to Registered users only Download (243kB) |
|
Text (BAB IV)
41521110013-GEA FABRIAN DIKA-05 Bab 4 - GEA FABRIAN DIKA.pdf Restricted to Registered users only Download (699kB) |
|
Text (BAB V)
41521110013-GEA FABRIAN DIKA-06 Bab 5 - GEA FABRIAN DIKA.pdf Restricted to Registered users only Download (103kB) |
|
Text (DAFTAR PUSTAKA)
41521110013-GEA FABRIAN DIKA-08 Daftar Pustaka - GEA FABRIAN DIKA.pdf Restricted to Registered users only Download (173kB) |
|
Text (LAMPIRAN)
41521110013-GEA FABRIAN DIKA-09 Lampiran - GEA FABRIAN DIKA.pdf Restricted to Registered users only Download (644kB) |
Abstract
Perkembangan teknologi digital yang pesat telah memberikan banyak kemudahan, namun di sisi lain juga memunculkan berbagai ancaman keamanan siber. Salah satu bentuk ancaman yang semakin umum terjadi adalah serangan credential stuffing, yaitu serangan otomatis yang memanfaatkan kombinasi username dan password hasil kompromi dari sistem lain untuk mendapatkan akses ilegal ke suatu sistem. Teknik ini memanfaatkan fakta bahwa banyak pengguna masih menggunakan kredensial yang sama di berbagai layanan. Seiring meningkatnya ancaman ini, penggunaan Multi-Factor Authentication (MFA) mulai diterapkan secara luas sebagai lapisan tambahan keamanan guna memperkuat sistem autentikasi pengguna. Penelitian ini bertujuan untuk menganalisis secara sistematis efektivitas mekanisme keamanan MFA dalam mencegah atau mengurangi dampak serangan credential stuffing, khususnya pada sistem aplikasi web berbasis Laravel. Metode penelitian yang digunakan meliputi studi literatur dari jurnal ilmiah terkini, perancangan simulasi lingkungan aplikasi yang mendukung implementasi MFA, serta pengujian skenario serangan menggunakan dataset akun yang telah disusupi. Penilaian dilakukan dengan membandingkan tingkat keberhasilan serangan pada sistem tanpa MFA dan sistem yang telah menerapkan MFA, serta mengukur responsivitas sistem terhadap upaya serangan berulang. Hasil penelitian menunjukkan bahwa penerapan MFA secara signifikan meningkatkan tingkat keamanan autentikasi pengguna dan mampu meminimalisir keberhasilan serangan credential stuffing hingga lebih dari 90% dibandingkan sistem tanpa MFA. Selain itu, implementasi MFA berbasis Time-Based One-Time Password (TOTP) terbukti lebih efisien dan user-friendly dibandingkan metode lain seperti email OTP atau biometrik dalam konteks pengembangan aplikasi sederhana. Penelitian ini menyimpulkan bahwa MFA merupakan solusi keamanan yang efektif dan layak diimplementasikan untuk sistem informasi yang menyimpan data sensitif, dengan catatan bahwa pengguna tetap diedukasi untuk menjaga kebiasaan keamanan digital mereka. The rapid advancement of digital technology has brought numerous conveniences, but it has also introduced various cybersecurity threats. One of the most prevalent forms of attacks in recent years is credential stuffing, which involves automated attempts to gain unauthorized access to user accounts by reusing compromised usernames and passwords obtained from previous data breaches. This type of attack leverages the common user behavior of reusing login credentials across multiple platforms. To address this growing threat, Multi-Factor Authentication (MFA) has been widely adopted as an additional security layer to enhance user authentication mechanisms. This study aims to systematically analyze the effectiveness of MFA in mitigating or preventing credential stuffing attacks, specifically within a Laravel-based web application environment. The research methodology includes an extensive literature review of recent academic sources, the design and development of a simulated application environment supporting MFA, and attack simulations using publicly leaked credentials. The evaluation compares the success rates of credential stuffing attempts in systems without MFA and those protected by MFA, and measures system responsiveness against repeated attack attempts. The results indicate that the implementation of MFA significantly enhances authentication security, reducing the success rate of credential stuffing attacks by over 90% compared to systems lacking MFA. Moreover, Time-Based One-Time Password (TOTP)-based MFA proves to be more efficient and user- friendly than alternative methods such as email-based OTP or biometric authentication, especially in lightweight application development. This research concludes that MFA is an effective and practical security measure for protecting systems that handle sensitive user data, provided that users are also educated on safe digital practices.
Actions (login required)
 |
View Item |
