The direct relation between popularity and ease of use proves that convenience is crucial to the deployment of any authentication system. Prior work explained how we can defend, and when weak and strong passwords can be used, according to the level of authentication assurance required in security systems. However, authentication on the Internet can also be achieved by using technologies that rely on user-centred software solutions.
Authenticating users on the Internet is a major concern, since no perfect solution exists. This drawback stems from the basic protocols: HTTP was not designed to authenticate users, and HTML was not designed to conduct an authentication dialogue with them.
Suppose an attacker manages to steal a user's username and password pair. It is still impossible to access the system without the registered device: to gain access, the attacker needs the registered mobile device together with the username and password.
With the proposed system, it is impossible to perform a brute-force attack. The one-time password is encoded in the form of a QR code, which is decoded by the mobile application. A brute-force attack can only be performed against the username and password, and that is meaningless unless the attacker also has the registered device.
Phishers cannot exploit a breach in the system: there is no point in setting up a spoofed website, since the QR code can only be decoded by the mobile application and the mobile device is used as a unique identifier. Each mobile device is unique, i.e. distinct from every other. Thus, the threats from phishing and man-in-the-middle attacks can be overcome.
Data security is a common concern in the proposed scheme. Under the proposed idea, the data processed should be transmitted in properly encrypted form. Despite this, it remains a big challenge, because users have to rely on the service providers for appropriate security.
Many users build their passwords from simple, easy-to-remember information or short words. Such a simple password is likely to be guessed by a malicious third party who consults information related to the user. The suggested authentication method, however, transmits the password by encoding the OTP into a QR code. This makes the password hard to guess, since a QR code is machine-readable and hard for a human to interpret. Furthermore, even if the password is guessed correctly, the same OTP cannot be reused, since it is generated once for each session and changes with each event, so the final authentication is never obtained.
All information, messages and authentication data are carried by packet transmission. Accordingly, if a packet carrying such information is intercepted by a malicious third party, messages and information sent as plain text are exposed directly. The suggested authentication method, however, is safe from such packet sniffing, because the crucial packets are never exposed thanks to the one-way hash function; only unimportant data can be read by the third party.
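The exchange described in this section, as an added example that is not the paper's own code: the server issues a per-session OTP as the payload a QR code would carry, the registered phone answers with a one-way keyed hash over it (an HMAC under a per-device secret, an assumed design), and the server accepts each OTP once and only from the registered device. The enrolment data, device ids and secrets are constructed, and the QR code itself is stood in for by the string it would encode.

```python
import hashlib
import hmac
import secrets
# Constructed enrolment data for an assumed design (not the paper's own): the server keeps a
# password hash and the registered phone's id; each phone holds its own per-device secret.
USERS = {"alice": {"password_hash": hashlib.sha256(b"correct horse").hexdigest(),
                   "device_id": "dev-7f3a"}}
DEVICE_SECRETS = {"dev-7f3a": b"secret-of-alices-phone",
                  "dev-evil": b"secret-of-attackers-phone"}  # attacker's own phone, not registered

def response_mac(device_id, session_id, otp):
    """One-way function over the OTP: this, not the OTP, is what crosses the wire."""
    return hmac.new(DEVICE_SECRETS[device_id], f"{session_id}:{otp}".encode(), "sha256").hexdigest()

class Server:
    def __init__(self):
        self.sessions = {}  # session_id -> (username, otp); consumed on first use

    def login(self, username, password):
        """Step 1: password check; on success issue a fresh per-session OTP to show as a QR code."""
        user = USERS.get(username)
        if user is None or hashlib.sha256(password.encode()).hexdigest() != user["password_hash"]:
            return None
        session_id, otp = secrets.token_hex(8), secrets.token_hex(16)
        self.sessions[session_id] = (username, otp)
        return session_id, f"OTP:{session_id}:{otp}"  # the string the QR code would encode

    def verify(self, session_id, device_id, response):
        """Step 3: accept the response only from the registered device, and only once."""
        entry = self.sessions.pop(session_id, None)  # pop: a replayed response finds nothing
        if entry is None or USERS[entry[0]]["device_id"] != device_id:
            return False  # unknown/used session, or the right OTP scanned on the wrong phone
        return hmac.compare_digest(response_mac(device_id, session_id, entry[1]), response)

def mobile_app_scan(device_id, qr_payload):
    """Step 2: the phone decodes the QR code and answers with the MAC, never the OTP itself."""
    _, session_id, otp = qr_payload.split(":")
    return session_id, device_id, response_mac(device_id, session_id, otp)

def run_scenarios():
    srv = Server()
    _, qr = srv.login("alice", "correct horse")
    legit = mobile_app_scan("dev-7f3a", qr)
    results = {"wrong_password": srv.login("alice", "guess") is None,
               "registered_phone": srv.verify(*legit),
               "replayed_response": srv.verify(*legit),           # same OTP a second time
               "otp_on_wire": qr.split(":")[2] in legit[2]}       # does a sniffed packet show the OTP?
    _, qr2 = srv.login("alice", "correct horse")                 # stolen username + password
    results["stolen_password_other_phone"] = srv.verify(*mobile_app_scan("dev-evil", qr2))
    return results
```

`run_scenarios()` returns one boolean per scenario; the replay and wrong-phone rejections are the checks on which the text's per-session and registered-device claims rest.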

