A Two Factors Authentication Method for Secure Password Transmission over Internet

Abstract

The internet based applications are play a vital role in different sectors in last decade. The users need to gain access remotely to sensitive information over the internet which is considered as unsecure network due to several vulnerabilities which can be exploited by eavesdroppers to affect these sensitive data by several ways. Therefore the need of secure mechanism to authenticate users with obtaining availability, confidentiality and privacy is increased. There are some popular types of authentication, such as static password authentication which known as being insecure because majority of people use short and simple passwords. Public key certificates schemes which provide the necessary security. However, it requires heavy computational costs and is not suitable for low specification mobile devices. This studyproposed a new method for user authentication over internet using hash function and one time password through E-mail as a second authentication factor. This method is implemented on MVC model. From implementation of this model some results can achieved such as: it is secure against password stolen attack, replay attack and man-in-the middle attack and it can be implemented in low specification devices. The proposed scheme can be implemented with less computation complexity for both client and server ends due to using SHA-512 instated of image steganography.