Two Level Authentication Scheme for Securing Session Passwords

Authentication is a very crucial process for a system with sensitive information. Different ways like Textual password and graphical password are used to authenticate users requesting access to sensitive information on a system. Various security threats are faced by different authentication approaches for example Textual passwords are proved vulnerable against eves dropping, dictionary attacks, social engineering and shoulder surfing while Graphical passwords proved stronger but more complex and time consuming for authenticating a user. Tapkir et al. proposed a two level authentication scheme which is a hybrid of text and image or color for generating session passwords and claims it to be secure against all the above mentioned attacks. However, their scheme is still vulnerable to password guessing attack and unfair grid selection. This article presents an enhancement of Tapkir et al. to secure session password against password guessing attack and unfair grid selection problem. Password used for session authentication must be used once as well as they must be unique.