International Journal of Computer Science and Network Security
Passwords are a common form of authentication and are often the only barrier between a user and their personal information. Attackers can use several programs to help guess or "crack" passwords, but by choosing good passwords and keeping them confidential, the user can make it more difficult for an unauthorized person to access their information. The authors propose a new Password Guessing Resistant Protocol (PGRP), derived by revisiting prior proposals designed to restrict such attacks. While PGRP limits the total number of login attempts from unknown remote hosts to as low as a single attempt per username, legitimate users in most cases (e.g., when attempts are made from known, frequently-used machines) can make several failed login attempts before being challenged with an Automated Turing Test (ATT).
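The decision rule described above, as an added example that is not code from the paper: a simplified sketch of the known-host versus unknown-host thresholds. The class name `LoginThrottle`, the limit of 3 for known hosts, the use of a host string as the machine identifier, and the omission of counter expiry are all assumptions.

```python
class LoginThrottle:
    """Simplified sketch of the throttling rule above; not the full PGRP protocol."""

    def __init__(self, check_password, known_host_limit=3, unknown_host_limit=1):
        self.check_password = check_password          # callable(user, password) -> bool
        self.known_host_limit = known_host_limit      # assumed value, not from the page
        self.unknown_host_limit = unknown_host_limit  # "a single attempt per username"
        self.known_hosts = {}     # user -> set of hosts with a prior successful login
        self.failed_known = {}    # (user, host) -> failed attempts from that known host
        self.failed_unknown = {}  # user -> failed attempts from all unknown hosts

    def is_known(self, user, host):
        return host in self.known_hosts.get(user, ())

    def att_required(self, user, host):
        # Known hosts get their own per-host budget; unknown hosts share one
        # small per-username budget, so spreading guesses over many hosts
        # does not buy an attacker more free attempts.
        if self.is_known(user, host):
            return self.failed_known.get((user, host), 0) >= self.known_host_limit
        return self.failed_unknown.get(user, 0) >= self.unknown_host_limit

    def login(self, user, host, password, att_passed=False):
        # The challenge is demanded before the password is evaluated, so the
        # response does not reveal whether the submitted guess was correct.
        if self.att_required(user, host) and not att_passed:
            return "ATT_REQUIRED"
        if self.check_password(user, password):
            self.known_hosts.setdefault(user, set()).add(host)
            self.failed_known[(user, host)] = 0
            return "OK"
        if self.is_known(user, host):
            key = (user, host)
            self.failed_known[key] = self.failed_known.get(key, 0) + 1
        else:
            self.failed_unknown[user] = self.failed_unknown.get(user, 0) + 1
        return "DENIED"


if __name__ == "__main__":
    # Constructed sample account and hosts (documentation address ranges).
    t = LoginThrottle(lambda u, p: (u, p) == ("alice", "correct-horse"))
    print(t.login("alice", "laptop", "correct-horse"))   # first login makes the host known
    print(t.login("alice", "203.0.113.5", "guess1"))     # one free failure for unknown hosts
    print(t.login("alice", "198.51.100.7", "guess2"))    # next unknown host must solve an ATT
```
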