A SECURE AND USER-EFFICIENT AUTHENTICATION MECHANISM FOR INFORMATION PROTECTION

Abstract

Today most organizations employ password composition policy (PCP) to prevent users from creating weak passwords. But, users always succeed to fmd an. easy escape that satisfies PCP but contain vulnerable patterns in user password like "Aalok@85 ". This dissertation work presents a ProActive Random Password Generation Algorithm to overcome vulnerable user habits. A random password is generated by inserting random numerical digits and special symbols in a randomly chosen word. Generated password is checked against certain attacker approaches during ProActive analysis. If ProActive analysis results negative then password is discarded and process starts all over again. The strength of generated passwords is tested against `John the Ripper' password cracking tool and a mathematical notion Password Quality Indicator (PQI). A well known fact is that text-based passwords authentication system involves tradeoff between security and memorability of the passwords. To help users in remembering password, both the word used to generate the password and how the password is generated is provided. The memorability of the proposed technique is evaluated by conducted an online survey. The excellent users' reviews have shown acceptability of the scheme.