Enhancing Performance of User Authentication Protocol with Resist to Password Reuse Attacks
Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, user's passwords are prone to be stolen and compromised by different threats and vulnerabilities. Users often select weak passwords and reuse the same passwords across different websites. Typing passwords into untrusted computers suffers password thief threat. The user authentication protocol proposes the oPass enhancement to protect user identity; it requires a long-term password for cell phone protection and account ID for login on all websites. OPass only requires each participating website possesses a unique phone number, and involves a telecommunication service provider in registration and recovery phases for the creation of one-time password. User can recover oPass system with reissued SIM cards and long-term passwords.