Secured Password Technique Using Devices

Abstract

Text based password is most commonly used user authentication .To log on to websites, users must memorize the selected password. Password based authentication can resist brute force and dictionary attacks, if they select a stronger password but users often select weak password for their convenience and remembrance. They reuse password in different sites for simplicity, it would make the attacker to find their passwords in different sites. These are caused by the negative impact of human behavior. Typing password on untrusted computers suffers from stealing of password i.e. shoulder surfing. Then researchers have designed graphical password which made attackers to find out the commonly selective areas (Hotspots). Some researchers have focused on three-factor authentication for reliability and depends on password, token, biometric. For this authentication, the user must input a password and provide a pass code generated by the token, and scan her biometric features (e.g., fingerprint). This is a comprehensive defense mechanism against password stealing attacks, but it requires high cost. Another user authentication is Opass, which uses a cell phone to enter the password. The password that is entered by the user is converted to a one-time password and in this system it provides more security by enabling a encryption for the converted one-time password. By using the cell phone and providing an encryption, the security can be increased. This would reduce the user from remembering from many passwords and thus reduce the password stealing. The user can then successfully enter to their website and enjoy the accessibility. This reduces the negative influence of human factors compared to previous schemes, and is the first user authentication protocol to prevent password stealing (i.e., phishing, keylogger, and malware) and also prevent password reuse attacks simultaneously.