International Journal of Network Security
Password is the most commonly used authentication technique to authenticate the users on the web. Password based authentication protocols are susceptible to dictionary attacks by means of automated programs because most of the user chosen passwords are limited to the user's personal domain. In this paper, the authors propose an inverse cookie based virtual password authentication protocol that preserves the advantages of basic password authentication and simultaneously increasing the efforts required for online dictionary attacks. The Web server stores the cookie on the client's computer when the client has not submitted correct identity and password for its authentication to the Web server.