Password Authentication Scheme with Secured Login Interface

TL;DR

This paper introduces a new password input method that encodes characters with random digits, regenerates codes dynamically, and enhances security without hiding input, validated through empirical testing.

Contribution

It proposes a novel dynamic encoding scheme for password input that improves security without requiring hidden or placeholder characters.

Findings

Enhanced resistance to online and offline attacks.

Prototype demonstrates practicality and improved security.

User interface remains easy to use.

Abstract

This paper presents a novel solution to the age long problem of password security at input level. In our solution, each of the various characters from which a password could be composed is encoded with a random single digit integer and presented to the user via an input interface form. A legitimate user entering his password only needs to carefully study the sequence of code that describe his password, and then enter these code in place of his actual password characters. This approach does not require the input code to be hidden from anyone or converted to placeholder characters for security reasons. Our solution engine regenerates new code for each character each time the carriage return key is struck, producing a hardened password that is convincingly more secure than conventional password entry system against both online and offline attackers. Using empirical data and a prototype implementation of our scheme, we give evidence that our approach is viable in practice, in terms of ease of use, improved security, and performance.