Stronger authentication for password using virtual password and secret little functions

People enjoy the convenience of on-line services, Automated Teller Machines (ATMs), and pervasive computing, but online environments, ATMs, and pervasive computing may bring many risks by adversaries. To prevent users passwords from adversaries by implementing a differentiated virtual password concept in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security, where a virtual password requires a small amount of human computing to secure users passwords. A user-specified function/program is used to implement the virtual password concept with a tradeoff of security for complexity requiring a small amount of human computing. Further we propose several functions to serve as system recommended functions and provide a security analysis. For user-specified functions, we adopt a secret little functions in which security is enhanced by hiding secret functions/algorithms. Analyze how the proposed scheme defends against phishing, key logger, and shoulder-surfing attacks. The virtual password mechanism is the first one which is able to defend against all three attacks together.