Passwords are the powerful tools that tend to keep all data and information digitally safe. It is frequently noticed that text password remains predominantly popular over the other formats of passwords, due to the fact that it is simple and expedient. However, text passwords are not always sturdy enough and are very easily stolen and misused under different vulnerabilities. Other persons can obtain a text password when a person creates a weak password or a password that is completely reused in many sites. In this condition if one password is hacked, it can be used for all the websites. This is called the Domino Effect. Another unsafe situation is when a person enters his/her password in a computer that is not trust-worthy; the password is prone to stealing attacks such as phishing, malware and key loggers etc. Among the most significant current threats to online banking are keylogging and phishing. These attacks extract user identity and account information to be used later for unauthorized access to user’s financial accounts. This paper focuses on user authentication protocols which are used for secured online processing like online banking. During recent years numbers of authentication protocols are proposed in this area. For further researches, understanding of these approaches is essential.

Network Security, User Authentication, Password Reuse Attack, Password Stealing Attack

[1]. B. Ives, K. R. Walsh, and H. Schneider, “The domino effect of password reuse,” Commun. ACM, vol. 47, no. 4, 2004, pp. 75–78..
[2]. M.Wu, S. Garfinkel, and R. Miller, “Secure web authentication with mobile phones,” in DIMACS Workshop Usable Privacy Security Software, Citeseer, 2004.
[3]. M. Mannan and P. van Oorschot, “Using a personal device to strengthen password authentication from an untrusted computer,” Financial Cryptography Data Security, 2007, pp. 88–103.
[4]. C. Yue and H. Wang, “SessionMagnifier: A simple approach to secure and convenient kiosk browsing,” in Proc. 11th Int. Conf. Ubiquitous Computing, ACM, 2009, pp. 125–134.
[5]. B. Parno, C. Kuo, and A. Perrig, “Phoolproof phishing prevention,” Financial Cryptography Data Security, 2006, pp. 1–19.
[6]. B. Schneier, “Two-Factor Authentication: Too Little, Too Late,” in Inside Risks 178, Communications of the ACM, 48(4), April 2005.
[7]. S. Gawand E. W. Felten, “Password management strategies for online accounts,” in SOUPS ’06: Proc. 2nd Symp. Usable Privacy . Security, New York, ACM, 2006, pp. 44–55.
[8]. W.C. Kuo, Y.C. Lee, “Attack and improvement on the one-time password authentication protocol against theft attacks”, Proc. of the Sixth International Conference on Machine Learning and Cybernetics, Hong Kong, Aug. 2007, pp.19-22.
[9]. Hung-Min Sun, Yao-Hsin Chen, and Yue-Hsun Lin ,”oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attack”, in IEEE Transactions On Information Forensics And Security, Vol. 7, No. 2, April 2012.
[10]. Anand Sharma and Vibha Ojha. “Password based authentication” Philosophical Survey, IEEE. 2010.
[11]. D. Florencio and C. Herley, “A large-scale study of web password habits,” in WWW ’07: Proc. 16th Int. Conf. World Wide Web., New York,, ACM, 2007, pp. 657–666.
[12]. S. Chiasson, A. Forget, E. Stobert, P. C. van Oorschot, and R. Biddle, “Multiple password interference in text passwords and click-based graphical passwords,” in CCS ’09: Proc. 16th ACM Conf. Computer Communications Security, New York, 2009, pp. 500–511.
[13]. I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, “The design and analysis of graphical passwords,” in SSYM’99: Proc. 8th Conf. USENIX Security Symp., Berkeley, CA, USENIX Association, 1999 pp. 1–1.
[14]. B. Pinkas and T. Sander, “Securing passwords against dictionary at- tacks,” in CCS ’02: Proc. 9th ACM Conf. Computer Communications Security, New York, ACM, 2002, pp. 161–170.
[15]. H. Tian, X. Chen, and Y. Ding, “Analysis of Two Types Deniable Authentication Protocols,” I. J. Network Security, Jul. 2009, pp. 242-246.