Authors: Nawaf Aljohani; Joseph Shelton; Kaushik Roy
Addresses: Department of Computer Science, Institute of Public Administration, Riyadh, KSA, Saudi Arabia; Department of Computer Science, North Carolina A&T State University, Greensboro, USA; Department of Computer Science, North Carolina A&T State University, Greensboro, USA
Abstract: Since the invention of the internet, text-based passwords have been utilised to authenticate users. This method is the most prevalent form of authentication but it has many drawbacks. An alternative password protocol is necessary to overcome the drawbacks in the traditional password system. This research proposes a novel password protocol that overcomes most password attacks. This research highlights many password attacks and shows how the proposed protocol mitigates them. Instead of a single static password being used to authenticate an individual, passwords are created based on the user's input in three password boxes and the proposed protocol reorders the textboxes randomly. A hacker can capture a password generated by login requests, but password attacks will be mitigated due to the non-deterministic random order in each login request. The proposed password protocol architecture makes any captured data worthless.
Keywords: text-based passwords; password schema; password-based authentication; static password; keyloggers; observe attack; guessing attack; intercepting network; non-deterministic.
International Journal of Information Privacy, Security and Integrity, 2017 Vol.3 No.2, pp.75 - 95
Received: 14 Nov 2016
Accepted: 05 Jun 2017
Published online: 07 Dec 2017