ProcurePass: A User Authentication Protocol to Resist Password Stealing and Password Reuse Attack

2013 
The most popular form of user authentication is the text password, which is the most convenient and the simplest. Users mostly choose weak passwords and reuse the same password across different websites and thus, a domino effect. i.e., when an adversary compromises one password, she exploits, gaining access to more websites. Also typing passwords into public computers (kiosks) suffers password thief threat, thereby the adversary can launch several password stealing attacks, such as phishing, key loggers and malware. Therefore user's passwords tend to be stolen and compromised under different threats and vulnerabilities. A user authentication protocol named Procure Pass, which benefits a user's cell phone and short message service to prevent password stealing and password reuse attacks. Procure Pass adopts the one-time password strategy, which free users from having to remember or type any passwords into conventional public computers for authentication. In case of users lose their cell phones, this still works by reissuing the SIM cards and long-term passwords.
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    9
    References
    5
    Citations
    NaN
    KQI
    []