With the rapid growth of websites, the registered users accounts across the websites increased from aggressive manner. The user may contain multiple accounts in a single website or across the different websites. So, for the different accounts the user may use the same password or the similar password which is already used, but with the prefix or postfix. As the result, guessing a single password may leak the remaining passwords which lead to the major concern of the security and user may forget the passwords of different sites. Hence a secure authentication scheme against password guessing attacks is necessary for logging in to the account with the single password reused for all the accounts in a secure manner with Single Sign on (SSO). In SSO, the tool allows a user to register and sign in with one set of credentials and gain access to the multiple applications and services. SSO increases security by using the difficult passwords which restrict guessing attacks, and also provides a better user experience for customers, employees by reducing the number of required accounts, passwords and provides simple access to all the applications and services they need.

Security, Authentication, Password guessing attacks, Brute force attacks, Dictionary attacks

1] D. Florencio and C. Herley, “A large-scale study of web password habits, “in Proceedings of the 16th international conference on World Wide Web- WWW ’07, 2007, p. 657.
2] J. Yan A. Blackwell R. Anderson A. Grant "Password memorability and security: Empirical results" IEEE Security Privacy vol. 2 no. 5 pp. 25-31 Sep. /Oct. 2004.
3] Kostas Theoharoulis Ioannis Papaefstathiou "Implementing Rainbow Tables in high end FPGAs for superfast password Cracking" International Conference on field programmable Logic and applications (FPL) ISBN: 978-l-4244- 7842-2 Aug. 2010.
4] T. Arai H. Yamaguchi T. Sekiguchi and Y. Takemi "Fundamental technology to support cloud computing” IT platform 2010
5] Z. Li, W. He, D. Akhawe, and D. Song. The emperor’s new password manager: Security analysis of web-based password managers. In USENIX Security, 2014.
6] Weili Han, Zhigong Li and Minyue Ni “Shadow Attacks based on Password Reuses: A Quantitative Empirical Analysis”
7] Chang, C.C and Lee, C.Y. (2012) a secure single sign-on mechanism for distributed computer networks. IEEE Trans. Ind. Electron., 59, 629–637
8] Csdncleartext passwords 2011.
9] R. Wang, S. Chen, and X. Wang. Signing me onto your accounts through Facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 365–379, 2012.
10] N.LiandMarkovesecurity.org/TC/SP2014/papers/AStudyofProbabilisticPasswordModels
11] D. Llewellyn-Jones and G. Rymer. Cracking pwdhash: A brute force attack on client-side password hashing. In The 11th International Conference on Passwords (Passwords 2016). Springer, 2017.
12] T. Acar M. Belenkiy A. Küpçü "Single password authentication" Computer. Networks vol. 57 no. 13 pp. 2597-2614 Sep. 2013.