International Journal of Scientific and Research Publication (IJSRP)
Brute force and dictionary attacks on password protected remote login services are increasing rapidly. Letting legitimate user's login conveniently while preventing such attacks is difficult. Automated Turing Tests (ATTs) are effective and easy to implement but cause reasonable amount of inconvenience to the user. The authors discuss the existing and proposed login protocols designed to prevent large scale online dictionary attacks. They propose Password Guessing Resistant Protocol (PGRP), which is derived upon revisiting prior proposals designed to restrict such attacks. PGRP reduces the total number of login attempts from unknown remote host while trusted or legitimate users can make several failed login attempts before being challenged by ATT.