Password Security

Abstract:
Authentication is the first line of defense against compromising confidentiality
and integrity. Though traditional login/password based schemes are easy to implement,
they have been subjected to several attacks. As alternative, token and biometric based
authentication systems were introduced. However, they have not improved substantially
to justify the investment. Thus, a variation to the login/password scheme, viz. graphical
scheme was introduced. But it also suffered due to shoulder-surfing and screen dump
attacks. In this paper, we introduce a framework of our proposed Implicit Password
Authentication System, which is immune to the common attacks suffered by other
authentication schemes.

Existing System:
Token based systems rely on the use of a physical device such as smartcards or
electronic-key for authentication purpose. Graphical-based password techniques have
been proposed as a potential alternative to text-based techniques, supported partially by
the fact that humans can remember images better than text. In general, the graphical
password techniques can be classified into two categories: recognition-based and recall
based graphical techniques.
In recognition-based systems, a group of images are displayed to the user and an
accepted authentication requires a correct image being clicked or touched in a particular
order. In recall-based systems, the user is asked to reproduce something that he/she
created or selected earlier during the registration phase. Recall based schemes can be
broadly classified into two groups, pure recall-based technique and cued recall-based
technique.

Proposed System:
In this paper, we focus only on what you know types of authentication. We
propose our Implicit Password Authentication System. IPAS is similar to the Pass Point

scheme with some finer differences. In every what you know type authentication
scheme we are aware of, the server requests the user to reproduce the fact given to the
server at the time of registration. This is also true in graphical passwords such as Pass
Point. In IPAS, we consider the password as a piece of information known to the server at
the time of registration and at the time of authentication, the user give this information in
an implicit form that can be understood only by the server.

Modules:
1.

Create User profile Vector:

While registration of user information, the user id, security question and

answer are getting for creating profile vector. Every user selects answer for
security questions at the time of registration and provides their individual answer.
For each question, the system then either creates an authentication space .Once
the authentication space is created, the system is ready for authenticating a user.
2.

Generate Random Question:

For each question, the server may choose a random scenario from the

authentication space that represents the correct answer. The chosen scenario will
have one or more clickable points that represent the answer to the question
provided by the particular user.
3.

Compare User Profile/login Profile:

Enters User name and answer as location points for the random
security question will decide that the user is legitimate or an imposter. the
authentication information is presented to the user in an implicit form that can
be understood and decoded only by the legitimate end user.

System Requirements:
Hardware Requirements:
Processor

Intel Duel Core.

Hard Disk

60 GB.

Floppy Drive

1.44 Mb.

Monitor

LCD Colour.

Mouse

Optical Mouse.

RAM

512 Mb.

Software Requirements:
Operating system

Windows XP.

Coding Language

ASP.Net with C#

Data Base

SQL Server 2005