Abstract

The electronic applications of financial institutions such as banks and insurance companies use token-based, biometric-based, or knowledge-based password schemes to keep their customers' confidential information safe from hackers. The knowledge-based password scheme, particularly its reformation-based variant, resists shoulder surfing attacks comparatively better than the other two because its password can be entered in crowded places without fear of shoulder surfers. However, the available reformation-based password schemes involve mental computation, which makes them difficult to use. Furthermore, they need an extra device such as earphones during password entry, which opens a gap for information leakage. Moreover, most of these schemes store the passwords' actual content in a server database, which leaves the financial institutions' database open to penetration. In this article, a reformation-based password scheme that involves no mental computation and uses no extra device is proposed. The proposed scheme works on the indices of the password characters, which change dynamically after each login process. It gets the password characters' indices from the end user and obtains that user's password characters' indices from the database. Next, textual passwords are formed from the user-provided indices and from those obtained from the database. The textual passwords are then compared; if they match, the login succeeds, otherwise it fails. Experimental results for our proposed password scheme on the password data set showed better security and usability compared to state-of-the-art password schemes.

Highlights

  • Financial institutions such as banks and insurance companies need security methods such as passwords to keep their information secure from hackers [1], [2]

  • Contributions: Our contributions in this research work are as follows: 1) We identified two research gaps in the available reformation-based password schemes: i) they improved client-side security at the cost of usability, and ii) their server-side security is not satisfactory

  • It is found that most of the available reformation-based password schemes do not provide server-side security because they store the actual content of the password on the server database


Summary

INTRODUCTION

Financial institutions such as banks and insurance companies need security methods such as passwords to keep their information secure from hackers [1], [2]. Direct keying is vulnerable to shoulder surfing and brute force attacks [19], while the reformation-based password schemes proposed in [9], [11]–[13], [37], [39] show comparatively better resistance to these attacks. These reformation-based password schemes achieved client-side security at the cost of usability. This scheme needs an extra earphone device to communicate the challenge password's characters during the login process. The textual passwords formed on both the client and server sides are matched. If both match, the login process completes successfully; otherwise, the user is asked to enter the password again.

CONTRIBUTIONS Our contributions in this research work are as follows
LITERATURE REVIEW
EXPERIMENTAL RESULTS
USABILITY ANALYSIS
CONCLUSION AND FUTURE WORK