Retrieved de https://studentshare.org/information-technology/1454440-dqweek
https://studentshare.org/information-technology/1454440-dqweek.
Passwords are used to prevent illegal access to imperative information, user accounts, such as computer system, e-mails, financial accounts etc. and they must also ensure to provide guaranteed security of the crucial information. However, a traditional password verification system inquires the user for provision of a surreptitious sequence of characters (password) to ensure that a right person/user is getting access to his personal system. Simplicity is the power of this method, however, the simplicity is the biggest problem as well, since it can easily be get hacked by the intruder by many reasons.
To counter this problem, many solutions are available that includes Virtual Private Networks (through tunneling Protocols), Encryption/decryption, RSA (through Public Key Cryptography) etc. but these are too complex to apply at large group of general public.Keeping in view the above weaknesses of the traditional password system, there is an immense requirement to design an interactive password system as previously done by Tsutomu Matsumoto (1996), Michael K. Reiter (1999), Taekyoung Kwon (2000) and many other great authors of information security.
However, the some interactive systems were complex, while the others were time consuming. In order to design interactive password system, we need to take strings from the user based on several questions rather than a single string password. Subsequently, we have to use the input strings in a meaningful manner and introduce randomness to develop an interactive password system. Involvement of randomness on the basis of the user’s questions might be easy for the user to remember the answers of the questions; the user will need to remember/keep the answers or rules of the questions rather than keeping a password string.
Once the input strings have been taken from the user, in order to further progress the design of the interactive password system, there could be two ways i-e first is to generate password utilizing input string by different cryptography, encryption decryption, involvement of special characters, mixture of small and capital characters along with numbers, self generation algorithm as done by William H. Haubert (2002) etc. or the second way could be to generate a rule based system to create the surreptitious set of rules and regulations, control the rules that would be associated to the users and subsequently, the actual login interface for the said system.
The above design will not allow users to select an easy password like MS Outlook’s Password Management Protocol. As the design is based on an interaction with the user’s secret questions and an involvement of randomness makes it harder for intruders to guess the password as well as for the hacking software. Reference ListAnderson, J., Ross. 2008. Security Engineering – 2nd Edition. Canada: Wiley Publishing Inc.William H. Haubert. 2002. An Interactive Approach to Secure and Memorable Passwords.
University of Virginia
Read More