Highly Secure and Easy to Remember Password-Based Authentication Approach

Authors

  • Sayed Elham Sadat, Assistant Professor, Computer Science Faculty, Department of Information Technology, Kabul Education University, Kabul, AFGHANISTAN.
  • Hedayatullah Lodin, Assistant Professor, Computer Science Faculty, Department of Information Systems, Kabul University, Kabul, AFGHANISTAN.
  • Nazak Ahmadzai, Education Faculty, Department of Computer Science, Paktia University, Gardiz City, Paktia, AFGHANISTAN.

DOI:

https://doi.org/10.55544/jrasb.2.1.18

Keywords:

attacks, brute force attack, complex password, dictionary attack, password, password generator, password recovery, secure password, strength checker

Abstract

Everyone who uses the Internet is concerned about the security and privacy of their sensitive information available online. As authentication is the fundamental part of security, there are different authentication mechanisms through which systems can be secured. Password-based authentication has been a cheap and easy method of enforcing authentication in systems for many years. The weakest aspect of password security is the human: users choose either weak, easy-to-guess passwords or highly secure, complex passwords that may be difficult to remember and recover. At the same time, dictionary and brute-force attacks are widely used to compromise users' passwords over the Internet. In this paper, a password generation system is proposed that generates a password based on user input such as time and location data. The system generates a password that is highly secure, easy to remember, easy to recover, and can effectively defend against brute-force and dictionary attacks. The generated passwords have been checked in three online password checkers, which verifies that the system generates highly secure and crack-resistant passwords. The system is implemented in the PHP scripting language with a user-friendly environment.

Published

2023-02-23

How to Cite

Sadat, S. E., Lodin, H., & Ahmadzai, N. (2023). Highly Secure and Easy to Remember Password-Based Authentication Approach. Journal for Research in Applied Sciences and Biotechnology, 2(1), 134–141. https://doi.org/10.55544/jrasb.2.1.18
