ABSTRACT
The
paper examined the graphical password authentication
system using intuitive approach. The quest for the application of tighter
security measures to web, desktop and mobile applications developed have been a
major concern to a lot of people. Faced with the challenges of poor security
and vulnerability of users, resulting to applications being hacked by
unauthorized people, the researcher delved into developing a more secured login
application that sends a secret passcode to the registered phone number of a
user for identification purpose. The aim of the application is basically to
ensure that users are safe, and all logins are authorized. The application was
developed with PHP, MYSQL, CSS, BOOTSTRAP AND HTML technologies.
CHAPTER ONE
INTRODUCTION
INTRODUCTION
With
the development of science and technology and means of storage and exchange of
information in different ways, or so-called transfer of data across the network
from one site to another site, became to look at the security of data and
information is important; we need to provide protection for the information of
the dangers that threaten them or attack them through the use of tools to
protect information from internal or external threats. In addition to the
procedures adopted to prevent access information into the hands of unauthorized
persons through communications and to ensure the authenticity of these
communications.
Today security concerns are on the
ascent in all areas. Most systems today rely on static passwords to verify the
user’s identity. Users have a propensity to use obvious passwords, simple
password, easily guessable password and same password for multiple accounts,
and even write their passwords, store them on their system or asking the
websites for remembering their password etc. Utilization of static passwords in
this expanded dependence on access to IT systems progressively presents
themselves to Hackers, ID Thieves and Fraudsters. In addition, hackers have the
preference of using numerous techniques / attacks such as guessing attack,
shoulder surfing attack, dictionary attack, brute force attack, snooping
attack, social engineering attack etc. to steal passwords so as to gain access
to their login accounts. Quite a few techniques, strategies for using passwords
have been proposed but some of which are especially not easy to use and
practice. To solve the password problem in banking sectors and also for online
transaction two factor authentications using OTP and ATM pin / cards have been
implemented.
OBJECTIVE
OF THE STUDY
The project aims and objectives that
will be achieved after completion of this project are discussed in this
subchapter. The aims and objectives are as follows:
1. Avoid the risks related to the use
password.
2. Limit the unauthorized access to
accounts.
3. Verification of the person requesting
access to the system.
4. Building authentication process with
low cost.
5. To take advantage of users smartphone’s
STATEMENT
OF THE PROBLEMS
In recent years, increased interest
institutions and organizations in the security aspects of their networks and
systems, and among these aspects to verify that the person requesting access to
the system that he is the person who claims that he/she is, this process called
Authentication, in most systems are using a password only to access the system
for login process. Below are some problems and risks for the use of password in
the user authentication process:
1. Recently it became Breakthroughs
systems, websites and personal accounts are a large and different ways, because
of weak protection of those systems methods so it was necessary to find ways
more secure to protect those systems.
2. Passwords become easier to guess.
3. Short passwords are easy to guess and
crack.
4. Equipment and software often has
standard pre-configured passwords (default passwords).
5. Most people they have many account use
same password for all these accounts.
SIGNIFICANCE
OF THE STUDY
With the development of computer
science progressed accordingly ways to hack, and different ways plus
sensitivity of data; as a result, the greater the need to find solutions to
overcome the weaknesses those hackers exploits it, we will give a proposal for
two level user authentications to access the system.
SCOPE OF THE STUDY
The
two way mobile authentication system is an innovative technology used to solve
the existing problems of the present one factor authentication which is a
simple username and a password. The two way mobile authentication solves this
problem by using a strong authentication with the combination of ―something you
know‖,
―something you have‖ and ―something you are‖. When compared the
above three methods individually, all the methods have some vulnerabilities.
Something you know—may
be shared, something you have –may be stolen and something you are stronger but
it is expensive to use in all the cases. So the combination provides a stronger
authentication.
The
project is aimed towards the realization of a strong two factor authentication
using mobile device to
1. Provides
with a cost effective and user friendly authentication.
2. Avoids
the use of a simple username and password system which is not secure anymore.
3. Using
the mobile as your authentication token.
4. Ease
to use any existing applications on web.
5. No
additional use of hardware.
6. Easy
to deploy.