PASSWORD KNIGHT SHIELDS PASSWORD STEALING AND RE-USE ATTACK
Passwords are powerful tools that help keep data and information digitally safe. Text passwords remain predominantly popular over other password formats because they are simple and convenient. However, text passwords are not always strong enough and are easily stolen and misused under different vulnerabilities. Others can acquire a text password when a person creates a weak password or reuses the same password across many sites. In that case, if one password is stolen, it can be used for all the websites. This is called the Domino Effect. Another risky environment arises when a person enters his/her password on a computer that is not trustworthy; the password is then prone to stealing attacks such as phishing, malware and key loggers. In this paper, a user authentication protocol named Password Knight is designed that makes use of the customer’s cellular phone and short message service to ensure protection against password stealing attacks. Password Knight requires each participating website to possess a unique phone number. The registration and recovery phases involve a telecommunication service provider.
D Caine, V Radhey Shyam and G Michael