International Journal of Network Security
Authentication and key agreement protocol is indispensable-able for today network applications. Many two-factor authentication and key agreement protocols using smart card and password have been proposed over the last decade. However, many of these schemes are vulnerable to password guessing attack due to low-entropy passwords. In this paper, the authors show how to mount an offline password guessing attack against a two-factor authentication protocol. To counter against this type of attack they propose a new scheme which employs biometric information as the third authentication factor beside smart card and password. Biometric information has many positive characteristics that can x the shortcoming of password.