Robust password system based on dynamic factors

摘要

Knowledge-based authentication systems have several drawbacks, but many systems, such as Facebook and Bank of America, still use this method to authenticate legitimate users. Traditional passwords can be easily compromised and the security process jeopardized. More specifically, hackers can capture password information on a network and replay it to gain unauthorized access to a system. Knowledge-based systems that simply use a password are susceptible to this replay attack. This research proposes a new password protocol that improves password security and mitigates replay attacks. Instead of a single static password to authenticate an individual, passwords are created based on a user's input as well as a random ordering of internal and external factors such as system time and weather. A hacker can capture a password generated by one set of factors, but a replay attack will be mitigated due to the non-deterministic factor order. This research proposes a dynamic system architecture that makes any captured data worthless.