Online safe vault.

摘要

The number of services used by people on the Internet continues to grow each day. Some of the services that are used on a daily basis are Electronic mail, Online Banking, Blogs, and Electronic Commerce. Most of these services require the creation of an account with the website. Websites often require the user to choose a username and a password to create an account, which are later used for authentication. The large number of services available on the Internet gives birth to the problem of remembering numerous passwords. Since every user cannot remember secure passwords easily, they tend to choose simple (and perhaps insecure) passwords or the same password for all of the services. There are security implications in either case.;This thesis focuses on designing an online service which manages a user's passwords securely. Since the application is hosted on the Internet, the passwords can be retrieved from anywhere, anytime using an Internet connection. A two-level security is designed using the username, password and the secret key combination and this increases the difficulty for the malicious users trying to retrieve other's passwords. The application encrypts these passwords locally using U.S. government approved 256-bit AES algorithm to ensure secure network communication and password storage. The use of this algorithm provides the ability to allow only the user and not even the application developer to retrieve the passwords. The thesis also focuses on providing anti-phishing and auto-login features in the application. The extensive use of AJAX for the design provides a highly responsive application with a rich user interface.;The thesis also compares the application with other similar systems namely Agatra, mySafeBox and PasswordSafe. The comparison highlights the strengths and weaknesses of each. It also explains how it overcomes the shortcomings of these existing similar systems. Also, discussed are the features that are not integrated in the system right now, but which would make good future enhancements.