Integrating the Dynamic Password Authentication with Possession Factor and CAPTCHA

摘要

In a previous study, the researchers presented the Dynamic Password Authentication that was designed with an uncomplicated algorithm so it was applicable for several platforms, e.g., web application, network device, and mobile application. This Dynamic Password Authentication was practically implemented and the system analysis was discussed in terms of security, speed, and ease of use by comparing it with the Cisco CHAP authentication. Differently, this study presented an integration of the Dynamic Password Authentication with a possession factor and CAPTCHA to make the system more secured by typically focusing on creating a shortest, fastest, and simplest process. On this matter, we tried out with user's e-mail as the possession factor since there was a low rate of errors than using a mobile phone that could be broken, lost, or replaced more often than the e-mail. Meanwhile, a CAPTCHA question was taken by clicking the link in the e-mail that offered a better security than presenting the CAPTCHA question directly on a log-in page. In fact, this paper presented the model and the system analysis to point out different benefits of the proposed authentication system.