Active One-Time Password Mechanism for User Authentication

Cloud computing brings novel concepts and various applications for people to use computer on theInternet, where all of above-mentioned concern with user authentication. Password is the most popular approach for user authentication in daily life due to its convenienceand simplicity. However, on Internet, user’s password is easier to suffer from distinct threats and vulnerability. First, for the purpose of easily memorizing, user often selects a weak password and reuses it between different service providers on websites. Without a doubt, an adversary will obtain access to more websites if the password is compromised. Next, an adversary can launch several methods to snatch users’ passwords such as phishing, keyloggers, and malware, and those are hard to be guarded against. In this manuscript, we propose an active one-time password (AOTP) mechanism for user authentication to overcome two abovementioned problems, password stealing and reuse, utilizing cellphone and short message service. Through AOTP, there is no need for additional tokens, card readers and drivers, or unfamiliar security procedures and user can choose any desirous password to register on all websites. Furthermore, we also give some comparison tables to present that the proposed mechanism is better than other similar works.