Authors: A.T Akinwale, F.T Ibharalu
Ann. Univ. Tibiscus Comp. Sci. Series VII/2 (2009), 77-85
Abstract
This paper presents a novel solution to the age long problem of password security at input level. In our solution, each of the various characters from which a password could be composed is encoded with a random single digit integer and presented to the user via an input interface form. A legitimate user entering his password only needs to carefully study the sequence of code that describe his password, and then enter these code in place of his actual password characters. This approach does not require the input code to be hidden from anyone or converted to placeholder characters for security reasons. Our solution engine regenerates new code for each character each time the carriage return key is struck, producing a hardened password that is convincingly more secure than conventional password entry system against both online and offline attackers. Using empirical data and a prototype implementation of our scheme, we give evidence that our approach is viable in practice, in terms of ease of use, improved security, and performance.