##plugins.themes.academic_pro.article.main##

Abstract

Password authentication is an essential form of user authentication both on the Internet and for internal organizational computing systems. Password protection schemes are used to protect relatively low-sensitivity systems such as access to online archives as well as highly sensitive corporate intranets or personal bank accounts. Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, users’ passwords are prone to be stolen and compromised under different threats and vulnerabilities. Users often select weak passwords and reuse the same passwords across different websites. Routinely reusing passwords causes a domino effect; when an adversary compromises one password, she will exploit it to gain access to more websites.

##plugins.themes.academic_pro.article.details##

Author Biographies

Akshaya Arun Bhosale, Sinhgad Institute of Technology Pune University

Computer Enigeering

R. B. Singh, Sinhgad Institute of Technology Pune University

Computer Engineering
How to Cite
Bhosale, A. A., & Singh, R. B. (2014). Web Based Security using oPass System: A Survey. International Journal of Emerging Trends in Science and Technology, 1(05). Retrieved from http://igmpublication.org/ijetst.in/index.php/ijetst/article/view/195

References

[1] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, “The design and analysis of graphical passwords,” in SSYM’99: Proc. 8th Conf. USENIX Security Symp., Berkeley, CA, 1999, pp. 1–1, USENIX Association.
[2] Hung-Min Sun,Yao-Hsin Chen and Yue-Hsun Lin, “oPass:A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks”, IEEE Trans. InformationForensics Security, vol. 7, no. 2, April. 2012.
[3] B. Blanchet, “An efficient cryptographic protocol verifier based onprolog rules,” in Proc. 14th IEEE Computer Security FoundationsWorkshop, 2001, pp. 82–96.
[4] L. O’Gorman, “Comparing passwords, tokens, and biometrics for user authentication,” Proc. IEEE, vol. 91, no. 12, pp. 2021–2040, Dec. 2003.
[5] B. Ives, K. R. Walsh, and H. Schneider, “The domino effect of password reuse,” Commun. ACM, vol. 47, no. 4, pp. 75–78, 2004.
[6] S. Gaw and E. W. Felten, “Password management strategies for online accounts,” in SOUPS ’06: Proc. 2nd Symp. Usable Privacy . Security, New York, 2006, pp. 44–55, ACM.
[7] D. Florencio and C. Herley, “A large-scale study of web password habits,” in WWW’07: Proc. 16th Int. Conf. World Wide Web., New York, 2007, pp. 657–666, ACM.
[8] S. Chiasson, A. Forget, E. Stobert, P. C. van Oorschot, and R. Biddle, “Multiple password interference in text passwords and click-based graphical passwords,” in CCS ’09: Proc. 16th ACM Conf. Computer Communications Security, New York, 2009, pp. 500–511, ACM.
[9] P. van Oorschot, A. Salehi-Abari, and J. Thorpe, “Purely automated attacks on passpoints-style graphical passwords,” IEEE Trans. InformationForensics Security, vol. 5, no. 3, pp. 393–405, Sep. 2010.
[10] K.-P. Yee and K. Sitaker, “Passpet: Convenient password managementand phishing protection,” in SOUPS ’06: Proc. 2nd Symp. Usable Privacy Security, New York, 2006, pp. 32–43, ACM