Online Journal of Computing Technologies
In this paper, the authors propose a user authentication protocol named OPass, which leverages cellphones and SMS to thwart password stealing and password reuse attacks. They assume that each website possesses a unique phone number. They also assume that a telecommunication service provider participates in the registration and recovery phases. The design principle of OPass is to eliminate the negative influence of human factors as much as possible. With OPass, each user only needs to remember a long-term password, which is used to protect her cellphone. Users never have to type any password into an untrusted computer to log in to any website. Compared with previous schemes, OPass is the first user authentication protocol to prevent password stealing (i.e., phishing, keylogger, and malware attacks) and password reuse attacks simultaneously.