Three Level Password Authentication Systems

The project is an authentication system that validates user for accessing the system only when
they have input correct password. The project involves three levels of user authentication. There
are varieties of password systems available, many of which have failed due to bot attacks while
few have sustained it but to a limit. In short, almost all the passwords available today can be
broken to a limit. Hence this project is aimed to achieve the highest security in authenticating
users.

It contains three logins having three different kinds of password system. The password difficulty
increases with each level. Users have to input correct password for successful login. Users would
be given privilege to set passwords according to their wish. The project comprises of text
password i.e. pass phrase, image based segmentation password and graphical password for the
three levels respectively. This way there would be negligible chances of bot or anyone to crack
passwords even if they have cracked the first level or second level, it would be impossible to
crack the third one. Hence while creating the technology the emphasis was put on the use of
innovative and nontraditional methods. Many users find the most widespread text-based
password systems unfriendly, so in the case of three level password we tried creating a simple
user interface and providing users with the best possible comfort in solving password.
Existing System
Token Based Authentication: Token based techniques, use tokens such as key cards, bank
cards and smart cards that are widely used by everyone. Most of the token-based authentication
systems also use knowledge based techniques to enhance the security of the system. The use of
ATM cards together with a PIN number can be stated as an example Biometric Based
Authentication: Biometric based authentication techniques, such as fingerprints, iris scan, or
facial recognition, are not yet widely adopted as this approach can be expensive, and the
identification process can be slow and often unreliable i.e., it is not reliable since it is time
consuming.

Proposed System
These are the major drawbacks of this approach. However, this type of biometric based
authentication techniques provides the highest level of security. Knowledge Based
Authentication: The most widely used authentication technique is the knowledge based
techniques and it includes both text-based and picture-based passwords. The picture-based
password techniques can be further divided into two different categories: recognition-based
technique and recall-based graphical techniques. While using the recognition-based techniques, a
user is presented with a sequence of images and the user passes the authentication by recognizing
or identifying the images he selected during the registration phase. A user is asked to reproduce
something that he or she created or selected earlier during the registration stage, while using the
recall-based techniques.
Modules

SETUP IMAGE LEVEL AUTHENTICATION

The new scheme stated should not be either recall based or recognition based only.
Instead, the scheme should be a combination of recall-based technique, recognition-based
technique, image ordering, colour pixel selection and one time password. Users ought to have
the freedom to select the first two levels of password i.e. the selection of images and colour
pixels in the same order in the first and second levels of password respectively. This freedom of
selection is necessary as the users are different and each user may have different requirements.
Hence, the user’s freedom of selection is important to ensure high user acceptability.

IMAGE ORDERING SECURITY

The first level i.e., the image ordering simply means the selection of previously set
images in the same order. From a sequence of images, the user can select few images at random.
The images provided are commonly used, user friendly and easy to remember images. For
example, we can set a count, say three. So the maximum limit of image selection will be set to
three images. During authentication phase, the sequence of images will be given in a shuffled
order, from which the user selects the same set of images chosen during registration phase in the
same order. In case of any invalid selection of images, the system will be locked automatically
after few trials based on the count given.

COLOUR PIXELS SECURITY

After image ordering, we move to the second level i.e., the selection of colour pixels. The
user can select a single colour pixel from the different blocks of colours provided. For example,
we can set a count, say one. So the maximum limit of colour pixel selection will be set to one.
During authentication phase, the previously set images should be chosen in the first level and
then the user will be redirected to the second level i.e. the colour pixel selection, where the user
selects the same colour pixel chosen in the registration phase. In case of any invalid selection of
images or colour pixel the system will be locked automatically after few trials based on the count
given.

ONE TIME PASSWORD SECURITY

In the Third level, we make use of one time password (OTP) that is a password which is
valid for a single session. We securely generate and verify the OTP using Smartphone. The
generated OTP can be send to a mobile phone in the form of SMS as SMS messaging has a high
potential to reach all the customers with a low total cost of ownership or Smartphone can be used
as token or platform for creating OTP . Thus we can call it SMS OTP or OTP generated through
Smartphone the OTP generated will be valid only for a short period of time and it is generated
and verified using Hash Functions and Secured Cryptographic Algorithm such as SHA-1. The
system we proposed been implemented and tested successfully.

SECURITY VERIFICATION

Recognition bases technique, which is a sub-division of Graphical passwords. Graphical

passwords show how the user can recall and recognize pictures better than words. Some of the
graphical password schemes requires a long time to be performed. Its major disadvantage is that
while the user is performing the graphical password, it can be easily observed and recorded by an
intruder and thus it is vulnerable to shoulder surfing attacks.
The 3-level password system is a multifactor authentication scheme. It combine the
benefits of existing authentication schemes to form the 3-levels of secure password. The 3-level
of password is constructed using the exciting features of the current authentication systems such
as image ordering, colour pixels and one time password.
HARDWARE REQUIREMENTS:

• System : Dual Core Processor.

• Hard Disk : 320 GB.
• RAM : 2 GB
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 512 Mb.

SOFTWARE REQUIREMENTS:

• Operating system : Windows XP or Later.

• Coding Language : PHP
• Server : Apache
• Tool : Macromedia Dream viewer
• Data Base Tool : Sqlyog
• Data Base : MYSQL Server.