Title :
A secured authentication protocol which resist password reuse attack
Author :
Prajitha, M.V. ; Rekha, P. ; Amrutha, George A.
Author_Institution :
Comput. Sci. Dept., Univ. of Calicut, Calicut, India
Abstract :
Passwords are the powerful tools that tend to keep all data and information digitally safe. It is frequently noticed that text password remains predominantly popular over the other formats of passwords, due to the fact that it is simple and expedient. However, text passwords are not always sturdy enough and are very easily stolen and misused under different vulnerabilities. Other persons can obtain a text password when a person creates a weak password or a password that is completely reused in many sites. In this condition, if one password is hacked, it can be used for all the websites. This is called the Domino Effect. Another unsafe situation is when a person enters his/her password in a computer that is not trustworthy; the password is prone to stealing attacks such as phishing, malware and key loggers etc. Among the most significant current threats to online banking are keylogging and phishing. These attacks extract user identity and account information to be used later for unauthorized access to user's financial accounts. This paper proposes a user authentication protocol which leverages a user's Android Smartphone and short message service to resist password stealing and password reuse attacks. This protocol only requires each participating website to possess a unique phone number, and users only need to remember a long-term password for login on all websites. To provide more security to Android Smartphone, an additional method called color pattern screen locking is also proposed in this paper.
Keywords :
Android (operating system); Web sites; computer crime; invasive software; message authentication; smart phones; Android smartphone; Web sites; color pattern screen locking; domino effect; financial accounts; key loggers; keylogging; malware; online banking; password hacking; password reuse attacks; password stealing; phishing; short message service; stealing attacks; text passwords; user authentication protocol; Authentication; Computers; Cryptography; Mobile handsets; Protocols; Servers; Authentication; Encryption and decryption; Network security; Password; password reuse attack; password stealing attack;
Conference_Title :
Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on
Conference_Location :
Coimbatore
Print_ISBN :
978-1-4799-6817-6
DOI :
10.1109/ICIIECS.2015.7193082