DocumentCode :
2718790
Title :
A user friendly password authenticated key agreement for web based services
Author :
Misbahuddin, Mohammed ; Premchand, P. ; Govardhan, A.
Author_Institution :
Centre for Dev. of Adv. Comput., Bangalore
fYear :
2008
fDate :
16-18 Dec. 2008
Firstpage :
633
Lastpage :
637
Abstract :
With an increase in the number of services provided over the Internet, the demand for securing users' sensitive data has also increased. Due to the simplicity of single-factor (username/password) authentication mechanisms, most Web-based services have been employing this mechanism. But these mechanisms are no longer considered secure enough, for various reasons: 1) there is a sharp increase in the number of attacks on ID/password-based mechanisms; 2) users registered with a number of online services have to remember pairs of IDs/passwords for their respective accounts; 3) users are either choosing easy-to-remember passwords, which are weak and susceptible to dictionary attack, or choosing hard-to-guess alphanumeric passwords, which are hard to remember and which lead them to write them on paper. So, in order to provide secure and user-friendly authentication, security experts are strongly recommending that online financial service providers deploy two-factor authentication mechanisms to strengthen security without compromising user convenience. In this paper, we try to address the above issues by proposing a user-friendly two-factor authentication mechanism which allows the user to freely choose easy-to-remember passwords based on a description of the user's personal images. At login, users recall and enter their password by seeing their pre-selected images. This approach helps a user maintain many accounts with different passwords conveniently. In addition, the scheme proposes a protocol for secure, low-computation mutual authentication and session key agreement. The proposed mechanism is user friendly and is resistant to several attacks.
Keywords :
Internet; cryptographic protocols; electronic commerce; financial data processing; human computer interaction; image recognition; message authentication; ID-password based mechanism; Web-based service; alphanumeric password; dictionary attack; electronic commerce; online financial service provider; secure low computation mutual authentication protocol; session key agreement; user friendly password authenticated key agreement; user personal image; username-password authentication mechanism; users sensitive data security; Authentication; Cities and towns; Dictionaries; Educational institutions; Hardware; Head; Image recognition; Security; Smart cards; Web and internet services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Innovations in Information Technology, 2008. IIT 2008. International Conference on
Conference_Location :
Al Ain
Print_ISBN :
978-1-4244-3396-4
Electronic_ISBN :
978-1-4244-3397-1
Type :
conf
DOI :
10.1109/INNOVATIONS.2008.4781766
Filename :
4781766