Secure Hybrid Authentication Using Facial Biometrics, Liveness Verification, and Time-Based One-Time Passwords

Biometric authentication systems have been widely studied as a secure alternative to traditional password-based methods. Existing research can be broadly categorized into four areas: (i) facial liveness detection techniques, (ii) OTP-based authentication mechanisms, (iii) behavioral biometrics, and (iv) hybrid MFA systems.

Facial liveness detection plays a crucial role in preventing spoofing attacks in face recognition systems. Zhou et al. [4] proposed lip-motion-based liveness detection techniques that analyze dynamic facial movements to distinguish real users from spoofing attempts. Similarly, Fang et al. [7] introduced vision transformer-based models for face anti-spoofing, while Uludag et al. [10] explored deep learning approaches for robust detection of advanced spoofing attacks. Although these methods achieve high accuracy, they often require large datasets and computational resources.

OTP-based authentication mechanisms are widely used to enhance security through time-sensitive verification. Li et al. [5] proposed a time-based OTP (TOTP) framework that reduces the risk of replay attacks by generating temporary authentication codes. Kumaran et al. [1] further explored biometric-based OTP systems by integrating iris features with OTP generation. However, these approaches treat OTP as an independent factor and do not tightly bind it with biometric identity.

Behavioral biometric methods have also been explored to improve authentication reliability. Zhang [6] presented a comprehensive survey on behavioral biometrics, highlighting user interaction patterns such as typing behavior and device usage. While these approaches enhance security, they are often affected by variability in user behavior.

Hybrid authentication systems combining multiple factors have gained attention in recent years. Vijay et al. [11] proposed a multimodal biometric authentication system, while Blanton et al. [12] focused on privacy-preserving biometric frameworks. Although these systems improve overall security, most existing approaches treat biometric and OTP components independently without strong integration.

From the existing literature, it is evident that current systems either rely on biometric authentication alone or use OTP as a separate secondary factor. There is limited work that tightly integrates liveness-verified biometric identity with OTP generation in a unified framework. The proposed FaceOTP system addresses this gap by linking geometric facial features, verified through liveness detection, with time-based OTP generation to improve resistance against spoofing and replay attacks.

A. Research Gap

From the existing literature, it is clear that significant advancements have been achieved for biometric authentication, liveness detection, and OTP-based security. Nevertheless, most of these existing methods have used either biometric-based authentication on its own or have considered OTP-based authentication as a separate entity. There is limited research available on integrating biometric identity and OTP generation as a unified entity.

The proposed FaceOTP system aims to bridge the existing gap by integrating facial recognition, behavioral liveness, and TOTP as a unified hybrid entity. Unlike existing methods, the proposed system ensures that OTP is generated based on the verified identity, thereby resisting spoofing and replay attacks.

Table 1. Summary of related work in biometric authentication and security systems

A summary of related work in biometric authentication is presented in Table 1.

B. Novelty of the Proposed System

Current MFA systems often combine a biometric method with an OTP channel, but they usually treat these factors as separate. For instance, many face-plus-OTP systems use face recognition to verify identity and a separate SMS or app-based OTP to check possession, without linking the OTP generation process to biometric features. Other systems, like TOTP-based VR authentication, focus only on time-based codes and do not include liveness-aware biometrics. In contrast, the proposed FaceOTP model (i) requires liveness detection through blink and head-pose challenges before generating any OTP, (ii) creates a geometric facial feature vector and converts it into a cryptographic hash that is part of the TOTP secret, and (iii) tests this closely linked process on a single prototype implementation. To our knowledge, no previous hybrid biometric-OTP systems have connected a liveness-verified facial template with TOTP generation while also providing a detailed look at spoofing resistance and time-based authentication performance.

A. Working Principle

The proposed FaceOTP system follows a hybrid authentication approach that integrates facial recognition, liveness detection, and TOTP verification in a consistent and unified workflow. The system operates in two main phases: enrollment and authentication.

1. Enrolment Phase

During the enrollment phase, the user’s facial data is captured using a webcam. Facial landmarks are extracted using MediaPipe Face Mesh, and a GFV is generated by computing Euclidean distances between selected landmark pairs.

The generated feature vector is stored securely on the server as the enrolled template for similarity matching. Additionally, a SHA-256 hash of the feature vector is stored for secure OTP binding. The raw feature vector is not exposed externally, ensuring privacy and security.

2. Authentication Phase

During authentication, real-time facial data is captured and processed similarly to the enrollment phase. Liveness detection is performed using eye blinking and head movement analysis to confirm the presence of a real user.

Once liveness is verified, a feature vector is generated from the live facial data. This vector is compared with the enrolled feature vector using Euclidean distance to determine similarity. Authentication proceeds only if the similarity score is within a predefined threshold.

After successful biometric verification, a TOTP is generated on the server using a biometric-derived secret key. The OTP is securely transmitted to the user interface, where the user enters it within a limited time window. The server then verifies the entered OTP using the same secret key and synchronized time interval. Access is granted only if both biometric matching and OTP verification are successful.

3. System Implementation

The system is implemented using a consistent software stack. MediaPipe Face Mesh is used for facial landmark extraction, while OpenCV is used for real-time video capture and image processing. The backend is developed using FastAPI to handle authentication requests and OTP verification. The PyOTP library is used for TOTP generation and validation.

Figure 2. User enrollment process

The enrollment workflow of the system is shown in Figure 2.

B. Algorithm Steps

1. Algorithm:

Hybrid Authentication with Liveness and Time-Sensitive OTP

2. Require:

1: Camera-enabled client device

2: MediaPipe Face Mesh model

3: Liveness thresholds tau_Eye Aspect Ratio (EAR), N_min, Delta_min

4: Face similarity threshold tau_face

5: TOTP shared secret key K, time step X, drift window w

6: Cryptographic hash functions SHA-256 and HMAC

7: Maximum authentication retries R_max

3. Ensure:

8: Access is granted only if a live face is detected, facial geometry matches the enrolled template, and the TOTP is valid within the allowed time window

4. Initialize:

9: Set retry counter r = 0

10: Set authentication status = FAIL

5. Steps:

11: while r < R_max do

12: Capture a short facial video sequence F from the webcam

13: For each frame f in F, perform quality checks (blur and illumination)

14: Discard frames that do not satisfy quality thresholds

15: Extract 2D facial landmarks {p_i} using MediaPipe Face Mesh

6. Liveness Verification:

16: For each frame, compute Eye Aspect Ratio EAR_t = (||p2 − p6|| + ||p3 − p5||) / (2 × ||p1 − p4||)

17: Mark eye-closed frames where EAR_t <= tau_EAR

18: Count blinks B as valid EAR transitions across consecutive frames

19: Compute head or nose-tip displacement H = ||p_nose(t_final) − p_nose(t_initial)||

20: if (B < N_min) OR (H < Delta_min) then

21: Display “Liveness challenge failed”

22: Increment r = r + 1

23: continue

24: end if

7. Geometric Feature Extraction and Hashing:

25: Select predefined landmark pairs P = {(i_k, j_k)} for k = 1 to D

26: Compute Euclidean distances d_k = ||p_i_k − p_j_k||_2

27: Form feature vector d = [d_1, d_2, d_3, ..., d_D]

28: Apply min–max normalization d_k = (d_k − min(d)) / (max(d) − min(d))

29: Quantize d, concatenate into string S

30: Compute live template hash h_live = SHA256(S || salt || pepper)

8. Template Matching:

31: Retrieve enrolled template vector d_enroll and hash h_enroll

32: Compute similarity distance delta = ||d − d_enroll||_2

33: if delta > tau_face then

34: Display “Face mismatch – access denied”

35: Increment r = r + 1

36: continue

37: end if

1. Face-Bound TOTP Generation:

38: Derive biometric-dependent secret K_prime = HMAC(K, h_enroll)

39: Compute time step T = floor(UnixTime / X)

40: Generate OTP = Truncate(HMAC(K_prime, T))

41: Send OTP to user and start timer

10. TOTP Validation:

42: Receive user-entered OTP input otp_in

43: for i = −w to +w do

44: Compute OTP_i = Truncate (HMAC(K_prime, T + i))

45: if otp_in == OTP_i then

46: Set authentication status = SUCCESS

47: Break

48: end if

49: end for

50: if authentication status == SUCCESS then

51: Grant access and exit algorithm

52: else

53: Display “Invalid or expired OTP”

54: Increment r = r + 1

55: end if

56: end while

57: if authentication status == FAIL then

58: Deny access and log the failed attempt

59: end if

Figure 3. Authentication and one-time password (OTP) verification process

The authentication and OTP verification process is illustrated in Figure 3.

Advancements in AI, deep learning have greatly improved liveness and spoof detection. Models such as Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), and Vision Transformers (ViTs) can now detect subtle differences between live faces and fake artifacts by learning complex patterns from visual data.

• EAR ‑Based Blink Detection Formulation

Liveness verification uses voluntary eye-blink detection based on the EAR. Let p₁ to p₆ denote the six 2D landmarks of one eye obtained from MediaPipe Face Mesh. Here, p1 and p4 represent the horizontal eye corners, while the pairs (p₂, p₆) and (p₃, p₅) correspond to the upper and lower eyelid landmarks.

• The EAR for a single frame is defined as:

$E A R=\frac{\left|p_2-p_6\right|+\left|p_3-p_5\right|}{2 \cdot\left|p_1-p_4\right|}$        (1)

where, ‖·‖ denotes the Euclidean distance between two landmark points.

When the eye is open, the vertical distances ‖p₂ − p₆‖ and ‖p₃ − p₅‖ are comparatively large, producing a higher EAR value. During an eye blink, these vertical distances reduce sharply while the horizontal distance ‖p1 − p4‖ remains nearly constant. This causes the EAR to drop significantly.

• A frame is classified as “eye closed” if:

$E A R<\tau E A R$

where, τEAR is the threshold value (0.22 in our experiments). A blink is detected when EAR stays below τEAR for at least n consecutive frames and then rises above the threshold again. This ensures robustness against noise, momentary tracking errors, and landmark instability.

• Liveness-Challenge Decision Thresholds

During a challenge window of length Tc seconds, the system monitors both eye-blink activity and head-pose variation. Let:

• B = number of detected blinks in the window
• H = maximum head-pose (or nose-tip) displacement measured in the window
• Nmin = minimum number of required blinks
• Δmin = minimum required head-pose displacement
• EARt = EAR value at frame t

A frame t is classified as “eye closed” if:

$E A R<\tau_{\{E A R\}}$        (2)

where, τEAR is the EAR threshold. A blink is counted when EAR remains below τEAR for at least n consecutive frames and then rises back above the threshold. Thus:

$B=\sum_{k=1}^K 1\left\{\right.$ blink $\left._k\right\}$        (3)

where, 1{·} is the indicator function and K is the number of detected blinks in the window.

Head-pose (or nose-tip) displacement is calculated as:

$H=\max _{t \in[1, T]}\left|q_t-q_0\right|$        (4)

where, q₀ is the initial landmark position (e.g., nose tip) and qt is the position at frame t.

The final liveness decision L ∈ {0, 1} is defined as:

$\left\{\begin{array}{c}\text { 1if }(B \geq \text { NminANDH } \geq \Delta \text { min }) \text { wise } \\ \text { 0 otherwise }\end{array}\right.$        (5)

In our implementation, we use τEAR = 0.22, require at least n = 2 consecutive frames for a closed-eye state, set Nmin = 1 blink, and select Δmin based on observed head-pose variations from live user recordings.

C. Mathematical Representation

The TOTP mechanism can be represented as:

$\mathrm{TOTP}=\mathrm{HMAC}(K, T)$         (6)

where, HMAC is the Hash-based Message Authentication (HMAC) Code function, usually implemented with SHA-1, SHA-256, or SHA-512. K is the secret key shared between the client and the server. T is the current time step value derived from the system clock.

1. TOTP:

TOTP is an extension of the HMAC-based One-Time Password (HOTP) standard described in RFC 4226. Instead of an event counter, it relies on specific time intervals, usually every 30 seconds, to generate temporary passwords. In this way, each password can only be used during this short time window, so the risk of replay attacks is greatly diminished by the fact that the OTP automatically expires after its time window.

2. Role of the Shared Secret Key (K):

The shared secret key can be considered a secure link between the user's device and the server. It is generated at the time of registration and remains constant throughout authentication. It is a very sensitive key and should neither be sent nor shared in plain text ever. When a user logs in, the TOTP system combines this secret key with the current time step to create a unique HMAC hash. If this key were ever leaked, attackers could generate legitimate OTPs, putting the entire authentication system at risk.

3. Role of the Time Step (T):

The time step is derived from the Unix timestamp, which counts the number of seconds since January 1, 1970 (UTC). This timestamp is divided by a fixed interval — typically 30 seconds — to generate synchronized codes between the user’s device and the server. As a result, both ends produce matching OTPs within the same time window, ensuring secure and time-bound authentication.

4. Server Client Synchronization of Time:

$\mathrm{T}=\left\lvert\, \frac{\text { current_unix_time }}{30}\right.$        (7)

Clock drift is eliminated through the use of timestamps set according to the universal time standard, synchronized at regular intervals.

5. OTP Drift Correction Mechanism:

For dealing with minor discrepancies in timing drift between the client and server sides, the server checks OTPs over a sliding time window of ± 1 time step. More specifically, it calculates OTPs for:

T-1, T, T+1

If any of these values correspond to the sent OTP, then the authentication process will succeed. This method is drift-resistant and thus enhances usability without any deterioration in security, as the maximum permissible time drift is less than 60 seconds.

6. GFV and Hashing

After liveness verification, a geometric representation of the user’s face is constructed from the 2D landmarks returned by MediaPipe Face Mesh. Let {p_i} for i = 1 to M denote the selected landmark coordinates, where pi = (x_i, y_i) and M is the number of landmarks used (for example, points from the eye, nose, and mouth regions). To obtain a pose- and scale-robust descriptor, we compute pairwise Euclidean distances between a predefined set of landmark pairs P.

For each pair (ik, jk) in P, the distance is:

dk = || pi_k − pj_k ||2, for k = 1, …, D

where, D = |P| is the dimensionality of the geometric vector. In our implementation, P contains (example: 40) landmark pairs, producing a D-dimensional distance vector:

d = [ d₁, d₂, …, d_D]^T

To remove the influence of absolute scale and minor affine variations, the vector d is normalised using min–max normalisation:

d’_k = (d_k − d_min) / (d_max − d_min + ε)

where, d_min = minimum value among all d_k, d_max = maximum value among all dk, and ε is a small constant to avoid division by zero.

The resulting normalized vector is:

$\mathrm{d}^{\prime}=\left[\mathrm{d}_1^{\prime}, \mathrm{d}_2^{\prime}, \ldots, \mathrm{d}_{\mathrm{D}}^{\prime}\right]^{\mathrm{T}}$

This vector is then quantized into a fixed-precision byte format and concatenated into a binary string S. Finally, a non-invertible biometric template is produced by computing the SHA-256 hash:

h = SHA256(S)

Here, h is a 256-bit hash that serves as the stored reference template and also as input to the TOTP secret. Only the hash h is stored on the server; the original geometric vector d’ cannot be reconstructed from h, ensuring strong biometric privacy.

A. Experimental Protocol

The proposed FaceOTP system was evaluated using a structured experimental protocol to ensure transparency and reproducibility. The dataset consists of 15 participants, each performing 3 enrollment sessions followed by 10 authentication attempts, resulting in a total of 150 genuine authentication attempts. Additionally, 60 impostor attempts were conducted to evaluate system robustness against unauthorized access.

Spoofing attack evaluation includes 50 print attack trials, 40 replay attack trials, 30 deepfake attack trials, and 30 OTP replay attempts. All attack scenarios were conducted under identical environmental conditions to ensure fair comparison across different attack types.

The evaluation metrics, including face recognition accuracy, FAR, FRR, liveness detection accuracy, OTP match rate, and spoof attack success rate, were computed based on these experimental counts. Face recognition accuracy is calculated from genuine authentication attempts, FAR from impostor attempts, and FRR from incorrectly rejected genuine users. Liveness detection accuracy is evaluated using both genuine and spoofing samples, while OTP match rate is computed from all OTP validation attempts within the valid time window.

The experimental dataset and protocol details are summarized in Table 2.

Table 2. Experimental protocol and dataset summary

B. Testing Setup

This hybrid authentication system has been implemented and tested on a Windows 11 machine with an Intel Core i5 processor (2.6GHz), along with 8GB RAM and a 720p webcam using FastAPI and SQLite3, while the client module uses OpenCV and MediaPipe for facial feature extraction.

C. Dataset Description

A custom dataset was collected consisting of facial video recordings from 15 participants under controlled indoor conditions. Each participant performed 3 enrollment sessions followed by multiple authentication attempts. A total of 150 genuine authentication attempts and 60 impostor attempts were recorded.

To evaluate robustness against spoofing, additional attack samples were collected, including 50 photo-based attacks and 40 video replay attacks. All recordings were captured using standard laptop webcams with a resolution of 720p at distances ranging from 0.5 m to 1.5 m. The dataset includes variations in head pose, eye blinking, and facial movements to support liveness detection.

· Enrollment Stability and Template Robustness:

To evaluate the stability of the enrolled facial templates, experiments were conducted by varying the number of frames used during user enrollment. Facial templates were generated using 1, 5, 10, and 15 frames, and authentication accuracy was measured under identical testing conditions.

The results indicate that single-frame enrollment leads to higher intra-class variability and increased false rejections. As the number of enrollment frames increases, the facial template becomes more stable due to averaging, resulting in improved recognition accuracy. Accuracy gains saturate beyond 10 frames, indicating diminishing returns for larger enrollment sizes.

Based on these observations, the system adopts a 10-frame enrollment strategy as an optimal balance between robustness and user convenience.

The impact of enrollment frames on accuracy and FRR is shown in Table 3.

Table 3. Enrollment frames vs. face recognition accuracy and False Rejection Rate (FRR)

This dataset forms the basis for all quantitative evaluations reported in the results section.

D. Experimental Outcomes

The overall performance of the proposed system is summarized in Table 4.

Table 4. Experimental outcomes of the proposed FaceOTP system

The values reported in Table 4 are directly derived from the experimental dataset described in Table 2. Face recognition accuracy (95%) is computed from correct recognitions over 150 genuine attempts. The FAR of 3% corresponds to incorrectly accepted impostor attempts out of 60 trials. The FRR of 5% represents genuine users incorrectly rejected during authentication.

Liveness detection accuracy (92%) is calculated using both genuine and spoofing samples, including print and replay attacks. The OTP match rate of 100% is computed from all OTP validation attempts within the valid time window.

The latency of different authentication stages is presented in Table 5.

Table 5. End-to-end latency analysis of authentication stages

The remaining time during authentication is primarily due to user interaction while entering the OTP, giving an overall average authentication time of about 4.5 seconds. This is attributed to relatively small communication overhead.

· Robustness Testing under Environmental Variations:

The system tests involved different light conditions-low, medium, bright), distances of cameras: 0.5m - 1.5m, and Orientations of faces: yaw and pitch of ±20°. The results indicate that the system maintains an error rate below 5% under varying environmental conditions, demonstrating strong robustness and reliability.

· Cross-Device Validation:

Device independence of the system had been evaluated by testing the system on different hardware settings using laptops and cameras of different models. Experiments had been conducted on three devices:

1. Integrated webcam with 720p resolution,
2. External 1080p USB Webcam,
3. Camera of a mobile device that is operable via a browser interface.

The findings indicate that both Facial Landmark Extraction and Liveness Detection modules are reliable on every device with accuracy differences not exceeding ±3%. Using a normalized GFV ensures that no effects of focal lengths, resolutions, or image sensor qualities exist for the authentication procedure. This ensures the universality of developed FaceOTP for all devices.

E. Impact of Frame Rate on Detection Accuracy

For testing the influence of camera frame rate on the performance of authentication, experiments were conducted on three different conditions of camera frame rate: below 15 FPS, ranging between 15-30 FPS, and above 30 FPS.

The accuracy of the liveness detection was found to decrease once the frame rate went below 15 FPS. The primary reason for the degradation of the result accuracy could be attributed to the failure of detecting eye blink occurrences and the inability to record smooth head motion due to a low frame rate.

At frame rates ranging from 15-30 FPS, the system performed well with acceptable results for face detection and liveness verification. Nevertheless, better results were achieved at frame rates above 30 FPS, where facial expressions, such as eye blinking and head movements, were detected effectively.

These indicate that the system can work even at a low frame rate. However, a recommended minimum of 30 FPS will be required for optimal liveness and authenticity detection processes.

F. Comparative Analysis

A comparison of different authentication methods is provided in Table 6.

Table 6. Comparative analysis of authentication methods

Table 6 compares different authentication methods. The proposed system achieves higher security than traditional methods with only a small increase in authentication time.

The proposed FaceOTP system is based on lightweight geometric feature extraction combined with behavioral liveness detection and time-based OTP verification. It achieves reliable authentication performance under controlled experimental conditions while maintaining low computational complexity. This makes the system suitable for real-time applications on standard hardware.

The hybrid approach improves resistance to spoofing compared to face-only authentication by integrating liveness verification with time-based OTP validation, thereby reducing the likelihood of replay and photo-based attacks.

· Ablation Study of FaceOTP Components

An ablation study was conducted to quantify the contribution of each authentication component in the proposed FaceOTP system. Four configurations were evaluated: face recognition only, face recognition with liveness detection, face recognition with OTP, and the complete FaceOTP pipeline.

The results demonstrate that while face recognition alone provides reasonable accuracy, it remains vulnerable to spoofing. The inclusion of liveness detection significantly reduces false acceptances, while OTP verification further mitigates replay attacks. The full FaceOTP configuration achieves the best overall performance in terms of accuracy and security.

The contribution of each system component is analyzed in Table 7.

Table 7. Ablation study of FaceOTP components

The ablation study demonstrates that combining facial recognition, liveness detection, and OTP provides the highest level of security and accuracy compared to individual components.

G. Graphical Results

Figure 4 illustrates the relationship between authentication methods and security strength. The proposed FaceOTP system provides higher security compared to traditional methods while maintaining an acceptable login time.

Figure 4. Security strength vs. login time

· Interpretation:

A line graph is drawn with X-axis: Method of Authentication and Y-axis: Security Strength (arbitrary units). The line is of positive correlation: with increasing factors, security strength improves while keeping the time within reasonable limits. Key Points: X-axis: Method of Authentication Security Strength (arbitrary units) on the Y-axis. The system proposed had a better accuracy by ~5% compared to single-factor face recognition, owing primarily to the added temporal OTP validation and geometric vector matching.

· OTP Validity Window and Usability Analysis

The effect of OTP validity duration on authentication success and user experience was evaluated by testing time windows of 15 seconds, 30 seconds, and 60 seconds.

Shorter OTP windows resulted in increased user errors due to delayed entry, while longer windows increased exposure time without significant usability gains. A 30-second validity window achieved optimal performance, providing a 100% OTP match rate with minimal user frustration.

The effect of OTP validity window on performance is shown in Table 8.

Table 8. One-time password (OTP) validity window vs. authentication success rate

H. Performance Metrics

Apart from overall accuracy, we report the metrics of precision, recall, and F1-score concerning both face recognition and liveness detection. Let TP, FP, FN, TN denote true positives, false positives, false negatives, and true negatives respectively. For the “genuine user” class, the metrics are defined as:

Precision $=T P /(T P+F P)$

Recall $=T P /(T P+F N)$

$\begin{array}{r}F 1-\text { score }=2 \times(\text { Precision } \text { × } \text { Recall }) \\ /(\text { Precision }+ \text { Recall })\end{array}$

Precision quantifies the proportion of accepted attempts that truly belong to authorised users, whereas recall measures the proportion of authorised attempts that are correctly accepted. The F1-score provides a harmonic-mean summary that balances precision and recall. Metrics for the “impostor/spoof’’ class can be computed symmetrically if needed.

The performance metrics for face recognition and liveness detection are presented in Table 9.

Table 9. Performance metrics for face recognition and liveness detection

I. Confusion Matrices

We report confusion matrices for both face recognition (identity classification) and liveness detection. Each matrix summarizes the counts of true positives (TP), false positives (FP), false negatives (FN), and true negatives (TN) for the genuine versus impostor/spoof classes.

The confusion matrices have been revised based on the actual experimental dataset consisting of 150 genuine attempts and 60 impostor/spoof attempts, ensuring consistency with the reported accuracy, FAR, and FRR values.

Table 10. Confusion matrix for face recognition

From the confusion matrix, the performance metrics are calculated as follows (Table 10):

Precision $=\frac{143}{143+2}=0.986$

Recall $=\frac{143}{143+7}=0.953$

F1-score $=\frac{2 \times 0.986 \times 0.953}{0.986+0.953}=0.969$

Table 11. Confusion matrix for liveness detection

These confusion matrices form the basis for computing accuracy, precision, recall, and F1-score reported in Table 9. The values are directly derived from the experimental protocol consisting of 150 genuine/live attempts and 60 impostor/spoof attempts, thereby ensuring numerical consistency throughout the manuscript.

For liveness detection, the overall accuracy is calculated as (Table 11):

Accuracy $=\frac{138+55}{150+60}=0.919$

Accuracy $=91.9 \% \approx 92 \%$

J. Observation

The proposed system presents a very high accuracy in recognition. It achieves OTP validation almost with perfection. Also, the average end-to-end time (overall for face-scanning, liveness, and OTP verification) was under 5 seconds, making it suitable for real-world applications.

All figures, tables, and performance metrics reported in this section are fully derived from the experimental protocol and dataset described earlier, ensuring completeness and reproducibility.

A. Discussion

The experimental results demonstrate that the proposed FaceOTP system provides reliable authentication performance under controlled conditions. The integration of facial recognition, liveness detection, and TOTP verification improves resistance to spoofing attacks compared to single-factor approaches.

The results indicate that liveness detection effectively reduces the success of photo and replay attacks, while OTP verification adds an additional layer of security against replay and credential reuse. The ablation study further confirms that combining all three components results in improved overall system performance compared to using individual components.

However, the evaluation is limited to a small-scale dataset collected under controlled environmental conditions. Variations in lighting, camera quality, and user pose were not extensively explored, which may affect system performance in real-world scenarios. Additionally, the dataset involves a limited number of participants, which may impact the generalization capability of the system when deployed at scale.

The current implementation relies on lightweight geometric feature extraction and does not incorporate deep learning-based anti-spoofing models, which may provide improved robustness against advanced attacks such as high-quality deepfakes. Furthermore, the system assumes stable network conditions for OTP verification and does not evaluate performance under network delays or failures.

Overall, the results demonstrate the feasibility of the proposed hybrid authentication framework, but further validation is required under large-scale and real-world deployment conditions.

B. Future Enhancements

Future work will focus on large-scale evaluation, improved robustness against advanced spoofing attacks, and deployment in real-world environments.