
An Effective Personal Device Authentication System for Personal Devices

Puli Vinay Kumar, P. Vineela Jyothi

Abstract


Authentication is essential to any online banking system, and many banks and other services have long relied on username/password combinations to verify users. Memorizing usernames and passwords for many accounts is difficult and ineffective. Furthermore, legacy authentication systems have repeatedly failed and can still be affected by a wide range of attacks directed at individuals, networks, or authentication servers. Reports of data breaches over the years show that attackers have developed a variety of sophisticated methods to obtain user passwords, which can be quite dangerous. In this study we present an effective and practical user authentication scheme that uses personal devices and several cryptographic primitives, including hashing, digital signatures, and encryption. The technique makes broad use of ubiquitous computing and a variety of intelligent wearable and portable devices, which lets users carry out a secure authentication process. The proposed method identifies and verifies login users without requiring an authentication server to maintain static username and password tables. It is secure against password-related attacks and also withstands phishing, shoulder-surfing, replay, and data breach attacks.

