A Simple and Secure Reformation-Based Password Scheme

The electronic applications of financial institutions like banks and insurance companies use either token-based, biometric-based, or knowledge-based password scheme to keep the confidential information of their customers safe from hackers. The knowledge-based password scheme's resistance, particularly its reformation-based password scheme against shoulder surfing attacks, is comparatively better than the other two because its password can be entered in crowded places without fear of shoulder surfers. However, the available reformation based passwords involve mental computation making their usability difficult. Furthermore, they also need an extra device like earphones during password entry causing to create a gap for information leakage. Moreover, most of the passwords store passwords' actual content on a server database that causes penetration in the financial institutions' database. In this article, a reformation-based password scheme involving no mental computation and using no extra device is proposed. The proposed scheme works on the password characters' indices, which change dynamically after each login process. It gets the password characters' indices from the end-user and obtains his password characters' indices from the database. Next, the textual passwords are formed from the user-provided indices and those obtained from the database. The textual passwords are then compared, and if found match, then login is succeeded, otherwise failed. Our proposed password scheme's experimental results on the password data set showed better security and usability compared to state-of-art password schemes.