Enhanced Online Authentication Using Virtual Password

Most common applications use plain text password for authentication. The plain text password can be transferred via a secure channel to protect the secured information by using complex network techniques, even though the security of an application approach is still vulnerable to attacks like phishing, key-logger and shoulder-surfing, before sending the request to the server. We can handle these attacks up to some extend by using few bio-metric authentication schemes but usability rate is very as compared with the plain text password authentication because of requirement of external hardware, extra cost and maintenance difficulty over longer time. We propose a virtual password concept involving a small amount of human computation to secure the user credentials. In this paper we propose a “Enhanced on-line authentication by using Virtual password”, algorithm that handles the phishing, key-logger and shoulder-surfing attacks very effectively. The algorithm uses dynamic password which is changed every time of user login. The user produces a dynamic password based on a static password stored in his/her memory. Similar calculations are performed on server’s side. Hence authenticate user is identified and the same time static password is not exposed to the online threats.