Secure One Time Password Generation for Website Security using Mobile Phone with Biometrics

Authentication is an essential part of network security. It is a process of confirming the identity to ensure security, with a vital role to provide security in websites. Even though text password is a convenient user authentication on websites, it is prone to security attacks. Weak passwords are often used across several websites and typing the password into un trusted websites causes password threats. An opponent, who compromises the password, uses password stealing methods such as phishing, malware, and key loggers. The same password is used to access across several websites, with the usage of the same password to access several websites by the authentic users. The proposed system is a user authentication protocol named SOTP which uses the users mobile phone number and the short message service which is being provided by a service provider. Secure Hash Algorithm (SHA-I) is used to generate a secure one time password. Random password is generated for each login. To provide high security in the websites, a combination of biometric feature i. e. , Fingerprint along with hash function is used for authentication. A Telecommunication Service provider (TSP) is used for the registration of the users and also used the recovery phase. The registration phase involves the users mobile number, secret answer and fingerprint. Recovery phase is used, if the users mobile phone gets lost. The SOTP requires only the unique mobile number of the user and a service provided by a service provider. The user needs to remember only his long term password which has to be kept secret.