Authentication Mechanism for Resistance to Password Stealing and Reuse Attack
This addresses security vulnerabilities for organizations and users by preventing password reuse and reducing risks like phishing and keylogging, though it appears incremental as it builds on existing two-factor concepts.
The paper tackles the problem of password stealing and reuse in authentication systems by proposing a novel two-factor authentication method that uses a user's phone number and a long-term password to generate one-time passwords for each login session across websites.
Considering computer systems, security is the major concern with usability. Security policies need to be developed to protect information from unauthorized access. Passwords and secrete codes used between users and information systems for secure user authentication with the system. Playing a vital role in security, easily guessed passwords are links to vulnerability. They allow invader to put system resources significantly closer to access them, other accounts on nearby machines and possibly even administrative privileges with different threats and vulnerabilities (e.g., phishing, key logging and malwares). The purpose of this system is to introduce the concept and methodology which helps organization and users to implement stronger password policies. This paper studies a password stealing and reuse issues of password based authentication systems. Techniques and concepts of authentication are discussed which gives rise to a novel approach of two-factor authentication. Avoiding password reuse is a crucial issue in information systems which can at some extent contribute to password stealing issue also. In the proposed system, each participating website possesses a user's unique phone number, telecommunication services in registration and recovery phases and a long-term password used to generate one-time password for each login session on all websites.