Author

Abdul Ayaz Khan

Bio: Abdul Ayaz Khan is an academic researcher from Information Technology Institute. The author has contributed to research in topics: Password psychology & Password. The author has an h-index of 1, co-authored 1 publication receiving 10 citations.

Papers
Proceedings Article
09 Jul 2010
TL;DR: It is argued that S3TFPAS will allow more secure and complex authentication with a lower cognitive load and provide strong resistance against shoulder surfing, brute force attack, hidden cam and dictionary attack through dynamic password.
Abstract: The most common computer authentication method is to use an alphanumeric user name and password. This method has been shown to have significant drawbacks. Users tend to pick short passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. The vulnerabilities of textual passwords are well known. Users tend to pick short passwords or passwords that are easy to remember, which makes passwords vulnerable for attackers to break. In this paper, we propose a scalable shoulder surfing resistant textual-formula base password authentication system (S3TFPAS). S3TFPAS seamlessly integrates the textual password and formula to create a strong random password. We argue that S3TFPAS will allow more secure and complex authentication with a lower cognitive load. It will provide strong resistance against shoulder surfing, brute force attack, hidden cam and dictionary attack through dynamic password.

11 citations


Cited by
Patent
18 Aug 2011
TL;DR: In this article, a service center receives first media data from a mobile device over a network, including at least one of an image and a voice stream presenting an identity of a user associated with the mobile device.
Abstract: A service center receives first media data from a mobile device over a network, the first media data including at least one of an image and a voice stream presenting an identity of a user associated with the mobile device. The first media data was captured via at least one of a camera and a voice recorder of the mobile device. The user is authenticated by matching the first media data against second media data stored in the service center. The second media data has been previously registered with the service center, where the service center provides support services for a plurality of products on behalf of a plurality of product providers. Upon having successfully authenticated the user, support services are provided to the user for a product that has been registered with the service center by the user on behalf of a vendor.

78 citations

Patent
27 Mar 2006
TL;DR: An object of the present invention is to provide a matrix authentication system that reduces the risk of password leakage.
Abstract: An object of the present invention is to provide a matrix authentication system that reduces the risk of password leakage. A presenting the presentation pattern to a user to be authenticated, a user authentication system for password rules to generate the one-time password by applying the elements of the particular position it contains, the authentication server sends the presentation pattern in combination with the user ID to the authentication requesting client to generate a pattern seed value is a value determined uniquely, the authentication requesting client is in a pattern seed value with the received user ID inputted based on, to generate and display presentation pattern by a predetermined pattern element sequence generation rules, accepts an input of the one-time password from the user and transmitted to the authentication server, the authentication server generates the verification code to reproduce the presentation pattern and, at the same performs user authentication by comparing the one-time password.

10 citations

Proceedings Article
11 May 2014
TL;DR: This paper analyzes the key derivation functions of popular Android Password-Managers with often startling results and aims to raise the awareness of developers of security critical apps for security, and provide an overview about the current state of implementation security of security-critical applications.
Abstract: Many systems rely on passwords for authentication. Due to numerous accounts for different services, users have to choose and remember a significant number of passwords. Password-Manager applications address this issue by storing the user's passwords. They are especially useful on mobile devices, because of the ubiquitous access to the account passwords.

7 citations

Journal Article
TL;DR: In this paper, a reformation-based password scheme involving no mental computation and using no extra device is proposed, which works on the password characters' indices, which change dynamically after each login process.
Abstract: The electronic applications of financial institutions like banks and insurance companies use either a token-based, biometric-based, or knowledge-based password scheme to keep the confidential information of their customers safe from hackers. The knowledge-based password scheme’s resistance, particularly its reformation-based password scheme against shoulder surfing attacks, is comparatively better than the other two because its password can be entered in crowded places without fear of shoulder surfers. However, the available reformation-based passwords involve mental computation, making their usability difficult. Furthermore, they also need an extra device like earphones during password entry, creating a gap for information leakage. Moreover, most of the passwords store passwords’ actual content on a server database that causes penetration in the financial institutions’ database. In this article, a reformation-based password scheme involving no mental computation and using no extra device is proposed. The proposed scheme works on the password characters’ indices, which change dynamically after each login process. It gets the password characters’ indices from the end-user and obtains his password characters’ indices from the database. Next, the textual passwords are formed from the user-provided indices and those obtained from the database. The textual passwords are then compared, and if they match, the login succeeds; otherwise it fails. Our proposed password scheme’s experimental results on the password data set showed better security and usability compared to state-of-the-art password schemes.

5 citations

Journal Article
TL;DR: The potential security problems caused by simple and weak passwords are studied, drawbacks of some conventional works are discussed, and 3 creative schemes to increase the complexity and strength of passwords by applying the envisioned features are proposed.
Abstract: Secure mechanisms have been adapted to satisfy the needs of mobile subscribers; however, the mobile environment is quite different from a desktop PC or laptop-based environment. The existing attack patterns in mobile environments are also quite different, and the countermeasures applied should be enhanced. In regards to usability, the mobile environment is based on mobility, and thus, mobile devices are designed and developed to enhance the owner's efficiency. To avoid forgetting passwords, people are willing to adopt simple alphanumeric-character combinations, which are easy to remember and convenient to enter. As a result, the passwords have a high probability of being cracked or exposed. In this paper, we study the potential security problems caused by simple and weak passwords, discuss drawbacks of some conventional works, and propose 3 creative schemes to increase the complexity and strength of passwords by applying the envisioned features. Note that our proposals are based on the assumption that the textual passwords are not difficult for users to remember or enter and do not cause inconvenience to users. In other words, the proposed methods can increase the complexity of simple passwords without the awareness of users.

3 citations