A Secure Authentication Protocol to vigilant from Password Stealing and Reuse Attacks by using Opass

Now-a-days, most of the users are using the websites, at the time of login session user have to enter the user name and password. Here, text password is the most familiar form of user authentication on websites, due to its well-located and simplicity. however, users password are prone to be stolen and compromised under different coercion and vulnerabilities. Sometimes, user may select the weak password for their remembrance and reuse the same password across the many variant websites. This may leads to the domino effects. Sometimes user may use the passwords in unauthorized computer suffers password thief coercions. the password is prone to stealing attacks such as phishing, malware and key loggers etc. In this paper, a user authentication protocol named Opass is designed, that makes use of the customers cellular phone and short message service to ensure protection against password stealing attacks. Opass requires a unique phone number that will be possessed by each participating website. The registration and the recovery phases involve a telecommunication service provider. The main concept of the project is reducing the password reuse attack. We have implemented the one time password technology, and then reduce the password validity time. The performance had improved the security.