Three Level Password Authentication System

A Project Work
Submitted in the partial fulfillment for the award of the degree of
BACHELOR OF ENGINEERING
IN

CLOUD COMPUTING

Submitted by:
REENU – 20BCS4129
HARSHITA - 20BCS4161
HIMANSHI- 20BCS4129

Under the Supervision of:


DR. MONICA LUTHRA

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
APEX INSTITUTE OF TECHNOLOGY

CHANDIGARH UNIVERSITY, GHARUAN, MOHALI - 140413, PUNJAB

NOV-2023

BONAFIDE CERTIFICATE

Certified that this project report "Three Level Password Authentication System" is the bona fide work of Reenu-20BCS4129, Harshita-20BCS4161 and Himanshi-20BCS4152, who carried out the project work under the supervision of Dr. Monica Luthra.

Dr. Monica Luthra


M.Tech, Associate Professor.

ABSTRACT

Authentication is the proper validation and rights management of a user for accessing the resources of an information system. It is now beyond doubt that user authentication is the most critical element in the field of information security. Authentication is one of the most important security services provided to a system, through the different authentication schemes. To protect any system, authentication must be provided so that only authorized persons have the right to use or handle that system, and the data related to it, securely. In order for an authentication system to be practical, three-level authentication is designed to provide additional security. Many schemes have been proposed, but they still have their weaknesses. In our work, three-level authentication is the combination of three existing schemes, namely a text-based password, a pattern lock and a one-time password (OTP), to form better protection. One of the approaches normally in use is the common authentication procedure in which a user needs only a user name and password, in order to make use of an authentication and authorization system in which every client has the right to access only the data and applications appropriate to his or her job. A password is a secret word or phrase that gives users access to computer resources such as programs, files and messages. Password security is a significant issue for the authentication process, and researchers in the past have proposed techniques such as salting and hashing to make the process more secure. From the end-result evaluation, it is found that three-level authentication offers a reliable level of protection compared to the existing mechanisms.

ACKNOWLEDGEMENT

On this great occasion of the accomplishment of our project on “THREE LEVEL PASSWORD AUTHENTICATION SYSTEM”, we would like to sincerely express our gratitude to Dr. Monica Luthra, who supported the completion of this project. Your valuable guidance and suggestions helped us in various phases of the completion of this project. We will always be thankful to you in this regard, ma'am. We would like to extend our deep appreciation to all our group members, as without their support and coordination we would not have been able to complete this project. Finally, we would like to thank our parents and friends, without whom this assignment would not have been completed.

Table of Contents

Title Page 1
Declaration of the Student 2
Abstract 3
Acknowledgement 4
List of Figures 6-7

1. INTRODUCTION 6
1.1 Problem Definition 6
1.2 Project Overview/Specifications 11
1.3 Hardware Specification 13
1.4 Software Specification 16

2. LITERATURE SURVEY
2.1 Existing System 17
2.2 Proposed System 20
2.3 Feasibility Study 25

3. PROBLEM FORMULATION 30-40

4. OBJECTIVES 41
5. METHODOLOGY 45-50
6. RESULTS 51-53
7. CONCLUSIONS AND DISCUSSION 54-58
8. REFERENCES 59-60

1. INTRODUCTION

The paper is based on a verification and validation methodology for user authentication. The proposed system verifies that a user is the legitimate user he or she claims to be. The security system has three levels to pass through before a successful login. Until now there have been many different password systems, but they seem to fail because of bot attacks, which is why this system mainly focuses on bot attacks. Out of the three phases, one phase is completely dedicated to bot attacks, in order to prevent the system being hacked using a bot. Therefore, the proposed system is designed to obtain the utmost level of security for user authentication. The application has three phases for the login, and the login parameters increase with each level. The user must pass all the phases, in a single attempt, in order to log into the system successfully. If the user gives the wrong input in the second or third phase, the user is diverted to the first phase instantly. New users can sign up and set a password and color code of their choice. The three phases are: a simple login id and password based security, which is basic authentication; after this the system advances to its second phase, bot-attack detection, where the system detects whether you are a real human user or a bot; if passed, the third and final phase comes into action, which is color-code based password authentication. With three completely different phases the chance of breaking into the application is negligible. A simple bot attack or fake user cannot just break into the system.
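The phase sequence just described, written out as an added Python illustration (this is not the report's PHP code; the user record, the password, the color code and the arithmetic bot challenge are all constructed for the example): a wrong answer in phase 2 or 3 sends the user back to phase 1, and the phase 1 password is compared against a salted hash rather than a stored clear-text value, in line with the salting and hashing the abstract refers to.

```python
"""Three-phase login flow from the Introduction: password, bot check, color code.
Added illustration in Python; the report's system is PHP-based. All values below
are constructed for the example."""
import hashlib
import hmac
import os
import secrets

PHASES = ("credentials", "bot_check", "color_code")
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest; only this digest is stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def register(user: str, password: str, color_code: tuple) -> dict:
    """Constructed stand-in for the registration module: returns the stored record."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt,
            "pw_hash": hash_password(password, salt),
            "color_code": tuple(color_code)}


# Constructed user store (hypothetical credentials, not from the report).
USERS = {"demo_user": register("demo_user", "correct horse battery",
                               ("red", "blue", "green", "yellow"))}


class LoginSession:
    """Tracks which phase a login attempt is in and enforces the reset rule."""

    def __init__(self, user: str):
        self.user = user
        self.phase = 0              # index into PHASES
        self.authenticated = False
        self.resets = 0             # how often a phase 2/3 failure sent the user back
        self.bot_challenge = None   # (a, b): the user must answer a + b

    def current_phase(self) -> str:
        return "done" if self.authenticated else PHASES[self.phase]

    def _new_bot_challenge(self) -> None:
        # Constructed stand-in for a CAPTCHA-style human check.
        self.bot_challenge = (secrets.randbelow(90) + 10, secrets.randbelow(90) + 10)

    def _check(self, phase: str, answer) -> bool:
        record = USERS.get(self.user)
        if record is None:
            # Unknown user: still run a hash so timing does not reveal valid names.
            hash_password(str(answer), b"\x00" * 16)
            return False
        if phase == "credentials":
            digest = hash_password(str(answer), record["salt"])
            return hmac.compare_digest(digest, record["pw_hash"])
        if phase == "bot_check":
            a, b = self.bot_challenge
            return str(answer).strip() == str(a + b)
        if phase == "color_code":
            if not isinstance(answer, (list, tuple)):
                return False
            return hmac.compare_digest("|".join(answer), "|".join(record["color_code"]))
        return False

    def submit(self, answer) -> str:
        """Submit the answer for the current phase; returns the phase to present next."""
        if self.authenticated:
            return "done"
        if self._check(PHASES[self.phase], answer):
            self.phase += 1
            if self.phase == len(PHASES):
                self.authenticated = True
                return "done"
            if PHASES[self.phase] == "bot_check":
                self._new_bot_challenge()
            return PHASES[self.phase]
        # Wrong input: a phase 2 or 3 failure diverts the user back to phase 1.
        if self.phase > 0:
            self.resets += 1
        self.phase = 0
        self.bot_challenge = None
        return PHASES[0]
```

The `resets` counter is what an audit or lockout policy would watch: a user who repeatedly reaches phase 3 and fails is a different signal from one who never gets past the password.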

1.1 PROBLEM DEFINITION

In an era characterized by ever-growing digital interactions and an increasing reliance on online
platforms, the need for robust security measures to protect sensitive information has become paramount.
Cybersecurity threats pose significant challenges to the integrity of digital systems, making it imperative
for organizations to implement advanced authentication mechanisms. One such cutting-edge solution is
the Three-Level Password Authentication System, a multifaceted approach designed to fortify the
security posture of digital environments. This innovative system goes beyond traditional username and
password authentication, incorporating multiple layers of verification to ensure only authorized users
gain access. By combining the Knowledge Factor, Possession Factor, and Biometric Factor, this
authentication model provides a formidable defense against unauthorized access, offering a
comprehensive solution to safeguard user accounts and sensitive data.

1. Knowledge Factor (Something you know):

- The Knowledge Factor establishes the foundation of security through the conventional method
of username and password entry. Users are required to input a unique combination of
credentials that adhere to enforced password policies. These policies typically include
specifications for minimum password length, complexity requirements, and regular password
expiration. By mandating these measures, the system ensures that users create and maintain
robust passwords, forming the initial layer of defense against unauthorized access.

2. Possession Factor (Something you have):

- The Possession Factor introduces a second layer of authentication by employing two-factor
authentication (2FA) with one-time passwords (OTPs). After successfully entering the
username and password, users receive a time-sensitive OTP on their registered possession, such
as a mobile device or email. This additional layer adds a dynamic element to the authentication
process, significantly enhancing security. The time-sensitive nature of OTPs reduces the risk of
interception or unauthorized use, reinforcing the protection of user accounts.

3. Biometric Factor (Something you are):

- The Biometric Factor takes authentication to a more personalized and secure level by
incorporating unique physical or behavioral traits of individuals. Options such as fingerprint
scans, iris scans, facial recognition, and voice recognition provide a highly reliable and
difficult-to-spoof form of user authentication. This layer ensures that the individual presenting
the credentials is indeed the authorized user, adding an extra dimension of security and making
it significantly harder for unauthorized access to occur.

4. Increased Security Layers:

- The integration of the Knowledge, Possession, and Biometric factors results in a three-
layered authentication system. This multi-layered approach significantly heightens security by
requiring successful verification at each level. The combined effect is a robust defense
mechanism that discourages and prevents unauthorized access. This increased complexity
makes it exceedingly difficult for malicious actors to compromise user accounts, enhancing the
overall security posture of the system.

5. Adaptive Security:

- The Three-Level Password Authentication System is designed with adaptive security in
mind. It responds dynamically to evolving cyber threats by incorporating multiple
authentication factors. This adaptability allows for the modification and enhancement of
authentication methods as security landscapes change. By staying ahead of emerging threats,
the system ensures that its defenses remain effective and resilient in the face of the continuously
evolving cybersecurity landscape.

6. User-Friendly Experience:

- Despite the heightened security measures, the system prioritizes a user-friendly experience.
The authentication process is designed to balance enhanced security with ease of use. By
ensuring that the steps involved in authentication are intuitive and straightforward for end-users,
the system minimizes friction and encourages compliance with security measures. This user-
centric approach is crucial in maintaining a positive and secure user experience.

7. Reduced Risk of Unauthorized Access:

- The Three-Level Password Authentication System effectively mitigates the risk of
unauthorized access to sensitive systems or data. The combination of three authentication layers
acts as formidable barriers, discouraging and preventing unauthorized entry. This reduction in
the risk of unauthorized access is pivotal in safeguarding sensitive information and maintaining
the integrity of the digital environment.

8. Compliance with Industry Standards:

- Aligned with industry best practices and regulatory requirements, the system ensures
compliance with data protection and privacy regulations. By adhering to established standards,
the Three-Level Password Authentication System demonstrates a commitment to maintaining a
secure and trustworthy digital environment. This compliance is crucial for organizations
operating in various industries, where data security and privacy are paramount concerns.

9. Customizable Authentication Policies:

- The system allows organizations to tailor authentication policies based on their specific
security needs and risk profiles. This customization enables flexibility in adapting
authentication requirements to different industries and user scenarios. By accommodating
variations in security policies without compromising overall system integrity, the Three-Level
Password Authentication System provides a versatile solution for diverse organizational needs.

10. Scalability and Integration:

- Designed for seamless integration, the system easily integrates with existing systems and
infrastructure. Its scalable architecture accommodates the evolving needs of organizations,
ensuring continued effectiveness as user bases and data volumes grow. This flexibility in
integration and scalability makes the Three-Level Password Authentication System adaptable to
diverse digital environments, providing a consistent and secure user experience across various
platforms and devices.

This PHP-based Three-Level Password Authentication System is organized into several
cohesive modules, each playing a crucial role in ensuring the security and functionality of the
overall system.

1. User Registration Module:

The User Registration Module facilitates the creation of user accounts by capturing essential
information and enforcing password policies. It securely stores user details in a database, setting
the foundation for subsequent authentication processes.

2. Login Module:

The Login Module validates user credentials against stored records, initiating the first level of
authentication based on the Knowledge Factor. It securely manages user sessions upon
successful login, ensuring a seamless and protected user experience.

3. Two-Factor Authentication (2FA) Module:

The 2FA Module generates and sends one-time passwords (OTPs) to the user's registered
possession, verifying the OTP as the second layer of authentication. Time-sensitive codes add
an extra layer of security to the authentication process.

4. Biometric Authentication Module:

The Biometric Authentication Module integrates biometric scanning capabilities for user
verification. It manages the secure enrollment and storage of biometric data, validating the
user's identity and completing the three-level authentication process.

5. Password Management Module:

The Password Management Module empowers users to update and change their passwords
while enforcing policy requirements. It implements secure password storage techniques, such as
hashing, to protect user credentials.

6. Session Management Module:

The Session Management Module monitors and secures user sessions to prevent unauthorized
access. It implements session timeout policies and provides a secure logout mechanism,
enhancing overall system security.

7. Audit Trail Module:

The Audit Trail Module records and maintains an audit trail of authentication events, logging
both successful and failed attempts. It serves as a valuable tool for security monitoring, forensic
analysis, and maintaining accountability.

8. User Profile Module:

The User Profile Module offers users a centralized location to view and update their profile
information. It enhances the user experience by providing a personalized dashboard for
managing personal details.

9. Customization Module:

The Customization Module empowers administrators to customize authentication policies
based on organizational needs. It offers flexibility in adapting the system to varying security
requirements.

10. Security Analytics Module:

The Security Analytics Module provides insights into authentication trends and patterns. It
enables administrators to analyze user behavior, identify anomalies, and implement proactive
security measures based on analytics.

11. Notification Module:

The Notification Module sends real-time notifications to users for account-related activities,
such as password changes and login attempts. It enhances user awareness of security events.

12. Admin Dashboard Module:

The Admin Dashboard Module offers a centralized interface for system administrators to
manage users, review security logs, and configure system settings. It provides a comprehensive
view of the system's security status.

13. Error Handling and Reporting Module:

The Error Handling and Reporting Module manages and logs errors for effective
troubleshooting. It ensures clear error messages for users during failed authentication attempts
and assists in identifying and resolving system issues promptly.

14. Cross-Platform Integration Module:

The Cross-Platform Integration Module ensures seamless integration with various platforms,
providing consistent authentication experiences across web applications and mobile devices.

15. Compliance and Reporting Module:

The Compliance and Reporting Module assists organizations in adhering to industry
standards and regulations. It generates compliance reports for auditing purposes, ensuring the
system meets legal and regulatory requirements.

Together, these modules contribute to the comprehensive functionality of the Three-Level
Password Authentication System, offering a secure, user-friendly experience while addressing
contemporary cyber security challenges.
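As an added illustration of what the Session Management and Audit Trail modules above would enforce (written in Python, not the report's PHP code; the 15-minute idle and 8-hour absolute timeouts are assumed values chosen for the example), the manager below issues a random session id on successful login, ends a session when either timeout is exceeded or the user logs out, and records every login attempt and session end in an audit list that can be queried, for instance to count a user's recent failed logins.

```python
"""Session timeouts and an authentication audit trail (added example, not the
report's code). Timeout values are assumptions."""
import secrets
import time
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 15 * 60         # seconds without activity before a session ends
ABSOLUTE_TIMEOUT = 8 * 3600    # maximum session lifetime regardless of activity


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class SessionManager:
    def __init__(self, now=time.time):
        self._now = now            # injectable clock for offline testing
        self._sessions = {}        # session id -> Session
        self.audit = []            # audit trail: one dict per authentication event

    def _log(self, event: str, user: str, success: bool, detail: str = "") -> None:
        self.audit.append({"ts": self._now(), "event": event, "user": user,
                           "success": success, "detail": detail})

    def login(self, user: str, credentials_ok: bool) -> Optional[str]:
        """Record the attempt; on success return a new unguessable session id."""
        self._log("login", user, credentials_ok)
        if not credentials_ok:
            return None
        sid = secrets.token_urlsafe(32)
        now = self._now()
        self._sessions[sid] = Session(user, now, now)
        return sid

    def touch(self, sid: str) -> Optional[Session]:
        """Validate a session on each request, ending it if a timeout has passed."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._now()
        if now - session.created > ABSOLUTE_TIMEOUT:
            self._end(sid, "absolute_timeout")
            return None
        if now - session.last_seen > IDLE_TIMEOUT:
            self._end(sid, "idle_timeout")
            return None
        session.last_seen = now
        return session

    def logout(self, sid: str) -> None:
        """Secure logout: the id is removed server-side, not just forgotten by the client."""
        if sid in self._sessions:
            self._end(sid, "logout")

    def _end(self, sid: str, reason: str) -> None:
        session = self._sessions.pop(sid)
        self._log("session_end", session.user, True, reason)

    def failed_logins(self, user: str, window_seconds: float) -> int:
        """Count failed login attempts for a user within the window (monitoring input)."""
        cutoff = self._now() - window_seconds
        return sum(1 for e in self.audit
                   if e["event"] == "login" and e["user"] == user
                   and not e["success"] and e["ts"] >= cutoff)
```

Keeping the session table server-side is what makes logout and timeouts meaningful: a client that holds an old id cannot revive it once `_end` has removed it, and every removal leaves an audit entry with its reason.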

1.2 Problem Specification

1. Robust Three-Level Password Authentication:

2. Efficient User Authentication Workflow:

3. Empowering Admin Management

4. Seamless User Interaction with Enhanced Security:

1.3 Hardware Specification

- Pentium Celeron 400MHz or above
- 2 GB RAM
- 1 GB hard disk space
- VGA colour monitor
- Keyboard and mouse

1.4 Software Specification

1.4.1 SOFTWARE INTERFACE

- MongoDB
- PHP
- HTML
- CSS
- JavaScript
- VS Code / Atom IDE
- Web browser (Chrome/Brave)

1.4.2 HUMAN INTERFACE

Interactive Forms:

- User Registration and Login Forms
  - Incorporate secure password entry for the first level of authentication.
  - Integrate user-friendly interfaces for the seamless execution of the Three-Level Password Authentication System.
- Product Details and Specifications Forms
  - Enhance user experience by presenting clear and detailed product information.
  - Ensure compatibility with the multi-layered authentication process.
- Payment Information Forms
  - Implement secure and intuitive forms for entering payment details.
  - Align with the heightened security measures of the Three-Level Password Authentication System.

Visual Representation:

- Admin Dashboard Visuals
  - Design visually engaging dashboards for administrators to oversee platform activities.
  - Ensure clarity in visuals for effective management within the Three-Level Password Authentication System.

Data Representation:

- Ensure user-friendly navigation within the secure authentication environment.
- Login History and Reports
  - Align with the secure data handling principles of the Three-Level Password Authentication System.
- User Profile Information
  - Allow users to view and manage their profile information securely.
  - Implement user-friendly interfaces for profile interactions.

Database Interaction:

- Adding New Passwords to the Database
  - Align with the secure data handling practices of the Three-Level Password Authentication System.
- Editing Password Information
  - Ensure data accuracy and integrity within the enhanced security framework.
  - Align with the principles of secure data management within the Three-Level Password Authentication System.

Overall, the problem overview and hardware and software specifications outlined in this document provide a comprehensive foundation for our e-commerce platform. Streamlined user authentication ensures a user-friendly experience, while efficient product discovery simplifies the login process. Additionally, robust authentication capabilities enhance user experience.

Collectively, these elements lay the groundwork for a user-centric, efficient, and effective password authentication that offers a streamlined and secure login experience. By addressing these key areas, our system aims to meet the diverse needs of end users and provide a robust solution.

Figure-1.4.1: Flow chart of three level password authentication

Figure-1.4.2: Basic Level Mechanism

2. LITERATURE SURVEY

2.1 Existing System

The integration of a Three-Level Password Authentication System into an existing framework
represents a pivotal advancement in the realm of cybersecurity. In response to the escalating
sophistication of cyber threats, this system transcends conventional authentication methods, introducing
a multi-layered defense mechanism that significantly fortifies the security landscape.

Key Components of the Existing Three-Level Authentication System:

Traditional Credentials:

1. The foundational layer incorporates traditional username and password credentials.

2. Rigorous password policies are enforced, encompassing parameters such as minimum
length, complexity requirements, and periodic password expiration.

3. This layer serves as the primary defense against common authentication vulnerabilities,
such as password breaches and brute force attacks.

Two-Factor Authentication (2FA):

1. The second level introduces an additional factor of authentication through the implementation
of two-factor authentication (2FA).

2. Users receive one-time passwords (OTPs) on their registered possessions, such as mobile
devices or email accounts.

3. The temporal nature of OTPs enhances security by reducing the risk of interception and
unauthorized access.

Advantages of Three-Level Password Authentication:

Enhanced Security Posture:

1. The amalgamation of traditional and possession-based factors forms a comprehensive defense,
significantly reducing the likelihood of successful unauthorized access.
2. Each layer addresses specific vulnerabilities, creating a formidable barrier against various
cyber threats.
Adaptability to Evolving Threats:

1. The system's multi-layered approach ensures adaptability to emerging cyber threats.

2. As threat landscapes evolve, the authentication system can be updated and modified to
incorporate additional security measures, staying ahead of potential risks.

User-Centric Design:

1. Despite the heightened security measures, the Three-Level Password Authentication System is
designed with a user-friendly experience in mind.
2. The authentication process remains intuitive and accessible, minimizing user friction while
maximizing security.

Disadvantages of Three-Level Password Authentication:

While the Three-Level Authentication System offers enhanced security, it is important to recognize
that no system is without its drawbacks. Here are some potential drawbacks associated with the
traditional Three-Level Authentication System:

1. Complexity and User Friction:

- The inclusion of multiple authentication layers, especially biometric verification, may introduce
complexity and result in increased friction for users. Some individuals may find the additional steps
cumbersome and time-consuming.

2. Technological Barriers:
- Biometric authentication, a key component of the third level, may face challenges with certain
technological barriers. For example, older devices or those lacking the necessary hardware may not
support biometric features, limiting accessibility.

3. Maintenance and Upkeep:

- The implementation and maintenance of a robust Three-Level Authentication System require
ongoing efforts. Regular updates, patches, and adaptations to emerging security threats are essential,
demanding continuous attention and resources.

4. Cost Implications:
- The incorporation of advanced authentication technologies, particularly biometric systems, may
involve higher initial costs. This includes investment in specialized hardware, software, and ongoing
maintenance, potentially presenting financial challenges for some organizations.

5. Privacy Concerns:
- Biometric data, being highly personal and unique, raises privacy concerns. Storing and handling this
sensitive information necessitates stringent privacy protocols to prevent unauthorized access or misuse.

6. Dependency on External Devices:

- The second authentication layer, which relies on possession-based factors like mobile devices for
OTPs, introduces a dependency on external devices. If a user loses access to their registered possession,
it could impede the authentication process.

7. Resistance to Change:
- Users and administrators accustomed to traditional authentication methods may resist the shift to a
Three-Level Authentication System. Resistance to change could lead to lower adoption rates and
potential pushback from stakeholders.

8. Potential False Positives or Negatives:

- Biometric verification, while highly accurate, is not infallible. There is a possibility of false positives
(accepting an unauthorized user) or false negatives (rejecting an authorized user), although
advancements in technology aim to minimize these occurrences.

Three-Level Password Authentication underscores its significance as a sophisticated and adaptive
security solution. By addressing existing authentication vulnerabilities and introducing progressive
layers of defense, this system fortifies the existing framework against an array of cyber threats. Its
adaptability, user-centric design, and ability to provide robust security in the face of evolving challenges
position it as a valuable addition to modern cybersecurity practices.

Figure-2.1.1: Activity Diagram

2.2 Proposed System

In response to the challenges and limitations of traditional password-based authentication, we propose
the development of "The Three-Level Password Authentication System." This innovative system seeks to
address the identified problems and enhance the security and usability of authentication processes. The
proposed solution comprises several key components:
1. Multi-Factor Authentication (MFA): Our system will integrate Multi-Factor Authentication
(MFA), which necessitates users to present multiple authentication factors before being granted access.
This may encompass something the user knows (such as a password), something the user possesses
(like a smartphone app for onetime codes), and something inherent to the user (biometric data). MFA
considerably enhances security by introducing additional layers of defense against unauthorized access.

2. Biometric Authentication: Our solution will place a significant emphasis on biometric
technologies, including fingerprint recognition, facial recognition, and iris scans. Biometric
authentication offers a robust level of security, leveraging distinctive physical attributes or behavioral
patterns that are challenging to duplicate. Through the integration of biometrics, our goal is to guarantee
that only authorized individuals are able to access the system.

3. User Behavior Analysis: Our system will incorporate user behavior analysis to detect anomalies in
user interactions with the system. Deviations from established behavioral patterns will trigger alerts
and additional authentication steps, even if the correct credentials are used. This proactive approach
enhances security by identifying unauthorized access attempts.

4. Usability-Centric Design: We recognize the importance of user experience in the adoption and
success of any authentication system. The proposed solution will prioritize a user-friendly interface
for both administrators and end-users. Streamlined setup and management of authentication methods
will ensure that the authentication process remains efficient and user-centric, striking a balance
between robust security and convenience.

5. Continuous Monitoring and Adaptive Security: Our system will provide continuous monitoring
of user activities. By analyzing real-time data and behavior patterns, it will adapt to evolving threats
and security requirements. This adaptive security approach will help organizations stay one step ahead
of cyber adversaries and ensure the system remains resilient.
6. Compliance and Regulatory Alignment: The proposed solution will be designed with strict
compliance and regulatory requirements in mind. It will be configured to meet industry-specific
standards and data protection regulations, helping organizations avoid legal and financial
repercussions.

7. Integration and Scalability: Our solution will be purposefully crafted for effortless integration
with current systems and adaptable to cater to the requirements of organizations across different sizes
and industries. It will offer versatility and customizable features to guarantee alignment with diverse
infrastructures. "The Three-Level Password Authentication System" proposes a comprehensive solution to the
shortcomings of traditional password-based authentication. By integrating MFA, biometrics, user
behavior analysis, and a user-centric design, our system aims to create a robust authentication
framework that not only enhances security but also prioritizes usability. This project seeks to redefine
the way users access sensitive information, ensuring that access is both secure and convenient in the
ever-evolving digital landscape.

METHODOLOGY

Implementing a Three-Level Password Authentication System involves a systematic approach to ensure
robust security measures. The methodology encompasses three key stages: traditional credentials, two-
factor authentication (2FA), and biometric verification. Users initiate the process by entering traditional
credentials, such as a username and password, constituting the first authentication layer. Subsequently,
the system incorporates a second layer through the generation and validation of one-time passwords
(OTPs) sent to registered possessions. Finally, the third layer employs biometric factors, such as
fingerprint scans or facial recognition, providing a personalized and highly secure dimension to the
authentication process. This multi-layered methodology enhances security by addressing diverse
authentication vulnerabilities.

Methodology Components:

1. Traditional Credentials:

- User Input: Users enter their traditional credentials, including a username and password.
- Password Policies: Enforce stringent password policies, ensuring complexity and periodic updates.

2. Two-Factor Authentication (2FA):

- OTP Generation: Upon successful entry of traditional credentials, the system generates a one-time password (OTP).
- Delivery to Registered Possession: The OTP is sent to the user's registered possession, such as a mobile device or email.
- OTP Validation: Users enter the received OTP for verification, constituting the second authentication layer.

3. Biometric Verification:

- Biometric Enrollment: Users enroll biometric data, such as fingerprints or facial features, during initial setup.
- Biometric Scanning: During authentication, users undergo biometric scanning for identity verification.
- Biometric Validation: The system compares scanned biometric data with enrolled data, completing the three-level authentication process.
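The three verification steps listed above, as an added Python example (not the report's code): a password-policy check for level 1, an OTP service for level 2 that expires codes and allows each one a single use, and for level 3 a biometric validation reduced to a Hamming-distance comparison between an enrolled and a scanned template. The policy values, the 120-second OTP lifetime, the 20% match threshold and the 64-bit templates are all assumptions constructed for the example; a real level 3 would derive the templates from sensor data.

```python
"""Verification logic for the three methodology levels (added illustration, not
the report's code). Policy values, OTP lifetime and match threshold are constructed."""
import hmac
import re
import secrets
import time

# Level 1: password policy. Minimum length and character-class requirements
# stand in for the "stringent password policies" the methodology asks for.
PASSWORD_MIN_LEN = 12
_CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_policy_ok(password: str) -> bool:
    """True if the candidate meets the constructed length and complexity policy."""
    if len(password) < PASSWORD_MIN_LEN:
        return False
    return all(re.search(pattern, password) for pattern in _CHARACTER_CLASSES)


# Level 2: one-time password with expiry and single use.
OTP_TTL_SECONDS = 120


class OtpService:
    """Generates OTPs for delivery to the registered possession and validates them."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested offline
        self._pending = {}       # user -> (otp, expiry timestamp)

    def issue(self, user: str) -> str:
        otp = f"{secrets.randbelow(10**6):06d}"      # 6 digits from a CSPRNG
        self._pending[user] = (otp, self._now() + OTP_TTL_SECONDS)
        # Delivery to the user's mobile device or email would happen here; the
        # example returns the code so the caller can simulate that delivery.
        return otp

    def verify(self, user: str, candidate: str) -> bool:
        # Pop regardless of outcome: a code is usable once, and a wrong guess
        # invalidates it so the six digits cannot be guessed in place.
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        otp, expiry = entry
        if self._now() > expiry:
            return False
        return hmac.compare_digest(otp, candidate)


# Level 3: biometric validation. Real systems derive a feature template from the
# sensor reading; here templates are constructed bit strings so that the
# compare-against-enrolled-template step and its threshold can be shown offline.
MATCH_THRESHOLD = 0.20   # largest fraction of differing bits still accepted


def hamming_fraction(a: str, b: str) -> float:
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(x != y for x, y in zip(a, b)) / len(a)


def biometric_match(enrolled: str, scanned: str, threshold: float = MATCH_THRESHOLD) -> bool:
    """Accept if the scan is within the threshold. Lowering the threshold reduces
    false accepts at the cost of more false rejects, and raising it does the reverse."""
    return hamming_fraction(enrolled, scanned) <= threshold
```

The `OtpService.verify` choice of discarding the code on a failed attempt is deliberate: with only one million possible values, an OTP that survives wrong guesses until it expires can be searched, whereas one that is consumed by the first wrong guess forces the attacker back to requesting a fresh code, which the audit trail will show.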

Implementation Considerations:

Usability and Accessibility: Prioritize user-friendly interfaces and ensure compatibility with various
devices and technologies.

Privacy Measures: Implement strict privacy protocols for the handling and storage of sensitive
biometric data.

Continuous Monitoring: Employ mechanisms for continuous monitoring, logging, and analysis of
authentication events for security audits.

User Education: Provide comprehensive user education to familiarize users with the new
authentication process and address potential concerns.

Scalability: Design the system to be scalable, accommodating future growth and evolving security
requirements.

Regulatory Compliance: Ensure adherence to relevant data protection and privacy regulations in
the implementation of biometric authentication.

The methodology outlined here establishes a comprehensive and secure approach to the
implementation of a Three-Level Password Authentication System, addressing traditional and
emerging authentication challenges.

Figure-2.2.1: Login Operation

Figure-2.2.2: Collaboration Diagram

Several types of Three-Level Password Authentication Systems exist, each incorporating different
authentication factors and methods to enhance security. Here are a few examples:

1. Knowledge-Based Authentication System:


-Level 1: Traditional username and password.
-Level 2 Two-factor authentication (2FA) through one-time passwords (OTPs) sent to a registered
possession.
-Level 3: Biometric verification, such as fingerprint scanning or facial recognition.

2. Smart Card-Based Authentication System:


- Level 1: Smart card authentication with a PIN.
- Level 2: OTPs generated and sent to the user's mobile device.
- Level 3: Biometric authentication using a fingerprint scanner on the smart card.

3. Mobile-Based Authentication System:


- Level 1: Traditional credentials (username and password).
- Level 2: OTPs sent to the user's mobile device.
- Level 3: Biometric verification using the mobile device's fingerprint or facial recognition features.

4. Token-Based Authentication System:


- Level 1: Traditional username and password.
- Level 2: Hardware token-generated OTPs.
- Level 3: Biometric verification through fingerprint scanning on the device.

5. Voice Recognition-Based Authentication System:

- Level 1: Voice-based credentials (voice print).
- Level 2: OTPs sent to a registered mobile device.
- Level 3: Biometric voice recognition for enhanced identity verification.

6. Retina Scan-Based Authentication System:

- Level 1: Traditional username and password.
- Level 2: OTPs delivered to a registered mobile device.
- Level 3: Biometric verification through retina scanning.

7. Wearable Device-Based Authentication System:


- Level 1: Traditional credentials.
- Level 2: OTPs sent to a connected wearable device.
- Level 3: Biometric authentication through a built-in fingerprint scanner on the wearable device.

8. Facial Recognition-Based Authentication System:

- Level 1: Traditional username and password.
- Level 2: OTPs sent to a registered mobile device.
- Level 3: Biometric facial recognition for enhanced identity verification.

These examples showcase the diversity in Three-Level Password Authentication Systems,
demonstrating how different factors and technologies can be combined to create secure and adaptable
authentication processes. A level only adds independent strength when it draws on a different
factor category (knowledge, possession, inherence): the voice-recognition variant above uses a
biometric at both Level 1 and Level 3, so it has three steps but only two distinct factors. The
choice of a specific system depends on factors such as user convenience, the nature of the
application, and the level of security required.

Features of a Three-Level Password Authentication System

A Three-Level Password Authentication System is characterized by its multi-layered approach to
user verification, incorporating different factors to enhance security. The features of such a
system typically include:

1. Traditional Credentials:

- Username and Password: Users enter traditional credentials as the first layer of
authentication.
- Password Policies: Enforce password policies; current guidance (NIST SP 800-63B) favors a
minimum length and screening new passwords against breached-password lists over composition
rules and forced periodic changes, which tend to produce predictable passwords.

2. Two-Factor Authentication (2FA):


- One-Time Passwords (OTPs): Generate dynamic OTPs, either in an authenticator app (TOTP) or
delivered to a registered device by SMS or email. SMS delivery is the weakest option, since it is
exposed to SIM-swap and real-time phishing; app-generated codes avoid the delivery channel.
- Possession-Based Authentication: Require users to submit the received OTP as the second layer
of authentication, proving control of the registered device.

3. Biometric Verification:
- Enrollment: Allow users to enroll biometric data, such as fingerprints, facial features, or
retina scans, during the setup phase.
- Authentication: Verify user identity through biometric scanning, constituting the third layer
of authentication.
- Unique Personalization: Leverage the uniqueness of biometric traits to ensure a highly secure
and personalized authentication process.

4. User-Friendly Interfaces:
- Intuitive Design: Ensure user interfaces are designed for simplicity and ease of use to
minimize friction during the authentication process.
- Clear Feedback: Provide clear feedback to users during each authentication step to enhance
user understanding and confidence.

5. Security Analytics:
- Monitoring: Implement mechanisms for continuous monitoring and logging of authentication
events.
- Analytics: Utilize security analytics to identify patterns, anomalies, and potential security
threats.

6. Adaptability:
- Scalability: Design the system to be scalable, accommodating future growth and evolving
security requirements.

- Configurability: Allow administrators to configure and adapt authentication policies based on
organizational needs and industry standards.

7. Privacy Measures:
- Secure Storage: Store biometric data as templates rather than raw images, encrypted at rest and
ideally confined to the user's own device; unlike a password, a leaked biometric cannot be
changed.
- Privacy Policies: Adhere to strict privacy protocols to safeguard user information and comply
with relevant regulations.

8. Continuous Improvement:
- Updates and Patches: Regularly update and patch the system to address vulnerabilities and
incorporate improvements.
- User Education: Provide ongoing user education to keep users informed about security best
practices and the evolving nature of cyber threats.

9. Multi-Layered Defense:
- Comprehensive Security: The combination of traditional credentials, possession-based
factors, and biometric verification creates a comprehensive defense against various
authentication vulnerabilities.
- Reduced Risk: Each layer adds an additional barrier, reducing the risk of unauthorized access
even if one layer is compromised.

10. Regulatory Compliance:


- Adherence to Regulations: Ensure compliance with data protection and privacy regulations
governing the handling of sensitive user information.

These features collectively contribute to the strength and effectiveness of a Three-Level
Password Authentication System, providing a secure and user-friendly authentication experience
while addressing contemporary cybersecurity challenges.

The proposed methodology contains three levels of identity verification. In the first level a
textual password is verified; textual passwords are the primary and most widely deployed
authentication method. On successful verification of the textual password the user is checked
for a bot attack: automated software can generate combinations of letters, symbols and numerals
that may pass the textual-password phase, so the bot-attack recognition module admits only
legitimate (human) users to the third level. In the third level a color code detection module
verifies the legitimate user, providing the highest level of security. The architecture of the
proposed methodology is given in Figure 2.2.5.

Figure-2.2.5: Different stages of Three level password authentication system
(stages: Textual password -> Bot attack recognition -> Color code detection)

Must-have features of a Three-level Password Authentication System

1. Dynamic Risk Assessment:


- Real-time Evaluation: Incorporate dynamic risk assessment during authentication, analyzing
user behavior patterns and contextual information to detect anomalies.
- Adaptive Policies: Adjust authentication requirements based on the assessed risk, providing
flexibility to enhance security in high-risk scenarios.

2. Behavioral Biometrics:
- Keystroke Dynamics: Integrate behavioral biometrics, such as keystroke dynamics, to
analyze unique typing patterns for continuous user verification.
- Mouse Movement Analysis: Leverage mouse movement analysis as an additional behavioral
factor for identity validation.

3. Geo-Fencing and Location-Based Authentication:


- Geo-Fencing: Implement geo-fencing to restrict authentication attempts to predefined
geographic areas, adding an extra layer of location-based security.
- Location History: Utilize location history as a factor in the authentication process, verifying
whether the user's device is in a historically typical location.

4. Time-of-Day Restrictions:
- Authentication Time Windows: Define specific time windows during which users are
allowed to authenticate, reducing the risk of unauthorized access during off-hours.
- Temporal Anomalies Detection: Monitor and analyze temporal patterns to identify unusual
authentication attempts outside regular timeframes.

5. Device Health Check:


- Device Integrity Verification: Conduct a health check on the user's device to ensure it meets
security standards before allowing authentication.
- Malware Detection: Implement mechanisms to detect potential malware or security threats on
the user's device, enhancing overall system security.

6. Multi-Channel Authentication:
- Cross-Platform Verification: Enable multi-channel authentication, allowing users to
authenticate from various platforms while maintaining a consistent security standard.
- Simultaneous Authentication Checks: Implement checks across multiple
channels simultaneously for added security layers.

7. Zero Trust Architecture:


- Least Privilege Access: Follow the principle of least privilege: grant nothing before
authentication completes, and afterwards grant only the access the authenticated user's role
requires.
- Continuous Verification: Apply the zero trust model, continuously verifying user identity
and device health throughout the user session.

8. Biometric Liveness Detection:


- Liveness Checks: Incorporate liveness detection in biometric verification to ensure the
presented biometric data is from a live person, mitigating potential spoofing attempts.
- Dynamic Facial Recognition: Implement dynamic facial recognition techniques that assess
changes in facial expressions for liveness verification.

These innovative features enhance the security of a Three-Level Password Authentication
System by introducing advanced methods and technologies for user verification and continuous
monitoring.

Figure-2.2.6: Authentication phase for graphical password

FEASIBILITY STUDY

A feasibility study is made to see whether the project, on completion, will serve the purpose of
the organization for the amount of work, effort and time spent on it. It lets the developer
foresee the future of the project and its usefulness. The feasibility of a system proposal is
judged by its workability: its impact on the organization, its ability to meet user needs, and its
effective use of resources. As the name implies, a feasibility study is used to determine the
viability of an idea, such as ensuring a project is legally and technically feasible as well as
economically justifiable. It tells us whether a project is worth the investment; in some cases a
project may not be doable. Feasibility studies allow companies to determine and organize all the
details needed to make a business work, help identify logistical and other business-related
problems and their solutions, and can also lead to the development of strategies that convince
investors or a bank that investing in the business is a wise choice.

Preliminary investigation examines project feasibility, the likelihood that the system will be
useful to the organization. The main objective of the feasibility study is to test the technical,
operational and economic feasibility of adding new modules to, and debugging, the existing running
system. Any system is feasible given unlimited resources and infinite time.

There are three aspects in the feasibility study portion of the preliminary investigation:

- Technical Feasibility
- Operational Feasibility
- Economic Feasibility

Technical Feasibility

The technical issues usually raised during the feasibility stage of the investigation include
the following:

- Does the necessary technology exist to do what is suggested?
- Does the proposed equipment have the technical capacity to hold the data required to use the
new system?
- Will the proposed system provide adequate response to inquiries, regardless of the number or
location of users?
- Can the system be upgraded once developed?
- Are there technical guarantees of accuracy, reliability, ease of access and data security?

The technical feasibility study for the Three-Level Password Authentication System involves a
meticulous examination of the system requirements, technology stack, and security measures to ensure a
robust and viable implementation. The evaluation begins with a detailed analysis of the necessary
hardware, software, and network infrastructure, ensuring that the proposed system aligns with existing
technical capabilities. The chosen technology stack, encompassing components for biometric
verification, OTP generation, and secure data storage, undergoes scrutiny to determine its compatibility
and feasibility within the organizational context. This assessment includes considerations of the
availability of skilled personnel or the need for specialized training to maintain and operate the system
effectively. Security measures, such as biometric verification and OTPs, are subject to thorough
evaluation to gauge their effectiveness in mitigating potential risks and vulnerabilities. The technical
feasibility study provides a foundational understanding of whether the proposed Three-Level Password
Authentication System aligns with the organization's technical capabilities and objectives.

Operational Feasibility
Operational feasibility is a critical aspect of the comprehensive study conducted to assess the viability of
implementing a Three-Level Password Authentication System. This phase focuses on evaluating the practicality
of integrating the proposed system into the existing operational framework of the organization. Several key
considerations are examined to ensure a seamless and efficient transition to the new authentication system.

One of the primary aspects of operational feasibility is understanding user acceptance and potential resistance to
change. Organizations are composed of diverse user groups, each with distinct preferences, technological comfort
levels, and expectations. Through surveys, user feedback sessions, and engagement with key stakeholders, it
becomes possible to gauge the attitudes and concerns of end-users. This proactive approach enables the
identification of potential challenges in user acceptance and provides valuable insights into tailoring the system to
meet user expectations.

Training requirements constitute another pivotal element of operational feasibility. Introducing a Three-Level
Password Authentication System often necessitates a paradigm shift in how users interact with authentication
processes. To address this, a comprehensive training program is developed to familiarize both end-users and
administrators with the new system. This includes detailed instructions on entering traditional credentials,
understanding OTPs, and participating in the biometric enrollment process. By investing in targeted training
initiatives, organizations can mitigate potential user resistance and ensure a smooth adoption of the new
authentication paradigm.

The integration of the Three-Level Authentication System with existing business processes is a critical
consideration in operational feasibility. Organizations operate within established workflows and systems, and any
new implementation must align seamlessly to avoid disruption. Through a thorough examination of current
processes, potential points of integration, and dependencies, it is possible to identify how the new authentication
system can be incorporated without impeding daily operations. This may involve adjusting access controls,
revisiting authorization protocols, and ensuring that the system's deployment does not compromise established
workflows.

Usability is a key factor in operational feasibility, as the success of any authentication system hinges on its
practicality and user-friendliness. The interfaces for entering traditional credentials, validating OTPs, and
undergoing biometric verification must be intuitive and clear. By prioritizing user experience, organizations can
enhance the system's adoption rates and minimize user friction during the authentication process.

Scalability is also a crucial consideration in operational feasibility, especially in the context of organizational
growth and evolving security needs. The Three-Level Password Authentication System should be designed to
accommodate an increasing user base and adapt to changing technological landscapes. This involves evaluating
the system's capacity to handle a growing number of users, devices, and transactions without compromising
performance.

In conclusion, operational feasibility is an integral component of the feasibility study for a Three-Level Password
Authentication System. It encompasses an in-depth analysis of user acceptance, training requirements, integration
with existing processes, usability, and scalability. By addressing these operational considerations, organizations
can ensure a successful implementation that aligns with their operational realities, enhances security, and
provides a positive experience for end-users and administrators alike. Every aspect of
feasibility should be checked before committing to the system.

Economic Feasibility
Economic feasibility constitutes a pivotal aspect of the comprehensive study undertaken
to evaluate the viability of implementing a Three-Level Password Authentication
System. This phase of the feasibility study involves a meticulous analysis of the financial
implications associated with the adoption, deployment, and maintenance of the proposed
authentication system. Several key economic considerations are thoroughly examined to
ensure that the investment aligns with the organization's financial capabilities and
strategic objectives.

A cornerstone of economic feasibility is the conduct of a comprehensive cost-benefit
analysis. This entails a systematic examination of both the anticipated costs and benefits
associated with the implementation of the Three-Level Password Authentication System.
The cost component encompasses various facets, including the procurement of necessary
hardware and software, licensing fees, personnel training, and ongoing maintenance
expenses. These costs are meticulously estimated to provide a clear understanding of the
financial outlay required for the system's deployment. Simultaneously, the benefits, both
direct and indirect, are evaluated. These benefits may include a reduction in security
breaches, enhanced user authentication, and potential cost savings resulting from
improved security measures. The cost-benefit analysis serves as a foundational tool for
decision-makers, providing insights into the economic viability of the proposed
authentication system and guiding strategic financial planning.

Return on Investment (ROI) is a critical metric assessed during the economic feasibility
study. By comparing the expected benefits against the projected costs, organizations can
gauge the potential return on the investment in the Three-Level Password Authentication
System. The ROI analysis extends beyond financial metrics to encompass the broader
impact on organizational efficiency, reputation, and resilience against security threats.
Decision-makers use this information to ascertain whether the anticipated returns, both
quantifiable and qualitative, justify the financial commitment required for the
implementation.

Budgetary considerations are a fundamental element of the economic feasibility study.
Organizations operate within defined budgetary constraints, and understanding the
financial parameters is crucial for effective decision-making. The study evaluates
whether the projected costs align with the available budget or if additional funding
sources need to be explored. It also considers the allocation of resources for ongoing
maintenance, updates, and potential future expansions of the authentication system.

Risk analysis is an inherent component of economic feasibility, acknowledging that
unforeseen challenges may impact the financial aspects of the project. Contingency plans
are developed to address potential budget overruns, scope changes, or other unforeseen
circumstances. By proactively identifying and planning for potential risks, organizations
can enhance their ability to manage economic challenges effectively.

A thorough examination of the economic feasibility also considers the Total Cost of
Ownership (TCO) over the system's lifecycle. This includes not only the initial
investment but also ongoing operational and maintenance costs. Understanding the TCO
provides a more comprehensive view of the economic impact of the Three-Level
Password Authentication System, guiding organizations in making informed decisions
about the long-term financial commitment required.

In conclusion, economic feasibility is a multifaceted analysis that delves into the
financial aspects of implementing a Three-Level Password Authentication System.
Through cost-benefit analysis, ROI assessment, budgetary considerations, risk analysis,
and TCO evaluation, organizations gain a comprehensive understanding of the economic
viability of the proposed system. This informed perspective enables decision-makers to
align financial resources with strategic goals and ensure a judicious investment in a
secure and resilient authentication infrastructure.

3. PROBLEM FORMULATION

Problem formulation involves clearly defining and articulating the challenges or issues that need to be
addressed within a particular context. It serves as the foundation for developing solutions and guiding
the direction of a project or initiative. In the context of a Three-Level Password Authentication System,
the problem formulation can be structured to identify and outline the specific issues that necessitate the
implementation of such a system.

Problem Formulation for Implementing a Three-Level Password Authentication System:

In the realm of cybersecurity, organizations face an escalating threat landscape marked by increasingly
sophisticated attacks on user authentication systems. Conventional username and password methods
have proven vulnerable to a range of cyber threats, including password breaches, phishing attacks, and
brute force attempts. This vulnerability jeopardizes the integrity of sensitive data, leading to potential
unauthorized access and security breaches. Additionally, the proliferation of advanced hacking
techniques and the compromise of traditional authentication methods highlight the pressing need for a
more resilient and secure approach to user verification.

The primary problem lies in the inadequacy of existing authentication systems to provide robust defense
against evolving cybersecurity threats. Organizations require a solution that addresses the limitations of
traditional methods, enhances user security, and fortifies access controls. The absence of a multi-layered
authentication system leaves systems susceptible to unauthorized access, putting sensitive data and user
privacy at risk. Furthermore, the lack of adaptability in existing systems makes it challenging to respond
effectively to emerging threats, necessitating a dynamic and responsive authentication infrastructure.

To address these challenges, the formulation of the problem revolves around the need for a Three-Level
Password Authentication System. The aim is to implement a secure, adaptable, and user-friendly
authentication mechanism that combines traditional credentials, two-factor authentication (2FA), and
biometric verification. This approach seeks to establish a multi-layered defense against common threats,
such as password breaches and unauthorized access attempts. Moreover, the system should be designed
to accommodate future growth, technological advancements, and changing security landscapes.

In summary, the problem formulation centers on the shortcomings of existing authentication methods in
the face of escalating cybersecurity threats. The identified issues include vulnerability to common
attacks, the need for adaptability, and the imperative to enhance user security. The proposed solution
involves the implementation of a Three-Level Password Authentication System to address these
challenges comprehensively and ensure a secure and resilient user verification process.

Figure-3.2: State diagram of a possible 3-D password application

Page 39 of 61
Models: In the context of web development, a model is a fundamental component of the Model-View-
Controller (MVC) architectural pattern, playing a crucial role in the organization and management of
data. The model represents the underlying data structure and business logic of an application, serving
as a bridge between the user interface (View) and the database. It encapsulates the rules and processes
that govern how data is stored, retrieved, and manipulated. Within the Three-Level Password
Authentication System, the user model embodies this concept by defining the structure of user
accounts and encapsulating essential functionalities such as password hashing, biometric enrollment,
and settings configuration. In essence, the model ensures the integrity and security of user-related data,
providing a standardized and structured approach to interact with and manage user information. By
adhering to the principles of abstraction and encapsulation, the model contributes to the overall
maintainability, scalability, and security of the authentication system, creating a separation of concerns
that enhances the modular development and maintenance of the application.

A. User Model:

In the Three-Level Password Authentication System, the user model serves as the foundational
structure for managing user accounts. It encompasses essential attributes such as User ID,
Username, Password Hash, Email, Biometric Data, and Two-Factor Authentication (2FA)
Settings. The model includes methods for securely handling tasks like password hashing,
biometric enrollment, email updates, password changes, and the configuration of 2FA
preferences. Through these attributes and methods, the user model ensures the secure storage
and management of user information, facilitating robust authentication processes.
Complementing the user interface, the post module handles the backend logic and processing of user
interactions. This module includes functions for user authentication, biometric verification, password
updates, 2FA configuration, and user registration logic. These functions ensure the secure execution
of key processes, such as validating user credentials during login, verifying biometric data, securely
updating passwords, managing 2FA settings, and processing new user registrations. Additionally,
robust security measures such as input sanitization, secure session management, data encryption, and
rate limiting are incorporated to safeguard against common security threats.
The user model represents the structure and functionality associated with user accounts within the
authentication system. It includes the following attributes and methods:

Attributes:

1. User ID: Unique identifier for each user.
2. Username: The chosen username for login.
3. Password Hash: Securely stored hash of the user's password.
4. Email: User's email address for communication and account recovery.
5. Biometric Data: Storage for enrolled biometric information (fingerprint, facial features, etc.).
6. Two-Factor Authentication (2FA) Settings: Preferences for 2FA methods (e.g., mobile OTP).

Methods:

1. Password Hashing: Function to securely hash and store user passwords.
2. Biometric Enrollment: Process for users to enroll biometric data during initial setup.
3. Update Email: Allows users to update their registered email address.
4. Update Password: Enables users to change their passwords securely.
5. Configure 2FA: User interface and functionality for enabling or modifying 2FA settings.

B. Post Model

The Post Model is designed primarily for posts and uploads, as the name implies. A user can upload or
alter their profile picture, cover photo, or post on the website with either plain text, images, text
that includes images, or text shown on top of one of the provided image backgrounds. Therefore, as a
starting point, we store the post's type (profile picture, cover picture, etc.) along with the text (if
any, otherwise null), images (an array, or null if none), the user by reference, the background (if
any, otherwise null), and the comments received: the text, image (if any), who commented, and the
comment timestamp. The timestamp of each post is also saved.
The post module handles the backend logic and processing of user interactions. It includes functions for
user authentication, biometric verification, and updating user information.

Functions:
1. User Authentication: Validates user credentials during login, including traditional
username/password and 2FA.
2. Biometric Verification: Verifies enrolled biometric data during the authentication process.
3. Password Update Logic: Implements secure procedures for updating user passwords.
4. 2FA Configuration Logic: Manages the configuration and verification of 2FA settings.
5. User Registration Logic: Processes user input during registration, creating new accounts
securely.
Security Measures:
1. Input Handling: Uses parameterized queries for every database access to prevent SQL
injection, and encodes output in templates to prevent cross-site scripting; sanitizing or
escaping input by hand is not a reliable substitute for either.
2. Secure Session Management: Implements secure session handling to protect against session
hijacking.
3. Data Encryption: Encrypts sensitive data such as biometric templates at rest; passwords are
not encrypted but stored only as salted, slow hashes (see the user model).
4. Rate Limiting: Implements rate limiting on authentication attempts to prevent brute force
attacks.
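The first security measure concerns SQL injection. The defence that actually works is the parameterized query, and the added example below (Python with SQLite, not the report's own code) shows the user lookup a login handler performs both ways against a constructed in-memory `users` table: the string-formatted version returns every row for the classic `' OR '1'='1` payload and leaks the schema through a `UNION`, while the parameterized version treats the same input as an ordinary username that matches nothing.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users with placeholder hash values."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)")
    db.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                   [("alice", "hash-of-alice"), ("bob", "hash-of-bob")])
    db.commit()
    return db


def find_user_vulnerable(db: sqlite3.Connection, username: str) -> list:
    """DON'T DO THIS: the username is pasted into the SQL text, so any quote
    or keyword the user types becomes part of the query."""
    sql = ("SELECT username, password_hash FROM users "
           "WHERE username = '%s'" % username)
    return db.execute(sql).fetchall()


def find_user_safe(db: sqlite3.Connection, username: str) -> list:
    """The SQL text is fixed; the driver sends the value separately, so the
    database never parses user input as SQL."""
    return db.execute("SELECT username, password_hash FROM users "
                      "WHERE username = ?", (username,)).fetchall()


def login_row(db: sqlite3.Connection, username: str):
    """What the login controller should call: exactly one row or None."""
    rows = find_user_safe(db, username)
    return rows[0] if len(rows) == 1 else None
```

With the vulnerable function, `x' OR '1'='1` turns the predicate into `username = 'x' OR '1'='1'`, and `' UNION SELECT name, sql FROM sqlite_master --` appends the schema to the result set; a second `--` comments out the closing quote the template supplied. The safe function returns an empty list for both, because the whole payload is compared to the `username` column as a literal string.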

C. View:

The view module represents the user interface and presentation layer of the authentication system. It
consists of various pages and forms designed to facilitate user interactions. The Registration Page
allows new users to create accounts, while the Login Page provides an interface for users to enter their
credentials. The User Profile Page displays user information, and the Settings Page allows users to
configure authentication settings, including 2FA preferences. Corresponding forms such as Registration
Form, Login Form, Biometric Enrollment Form, Password Change Form, and 2FA Configuration Form
guide users through the necessary steps, creating an intuitive and user-friendly experience.

The view module represents the presentation layer, providing interfaces for users to interact with the
authentication system. It includes pages and forms for user registration, login, profile management, and
settings.

Pages:
1. Registration Page: Allows new users to create accounts by providing required information.
2. Login Page: Provides the interface for users to enter their credentials for authentication.
3. User Profile Page: Displays user information and options for managing the account.
4. Settings Page: Allows users to configure authentication settings, including 2FA preferences.

Forms:
1. Registration Form: Collects user details such as username, password, and optional biometric
data during the account creation process.
2. Login Form: Takes user input for authentication, including username, password, and 2FA codes.
3. Biometric Enrollment Form: Guides users through the process of enrolling biometric data.
4. Password Change Form: Enables users to securely update their passwords.
5. 2FA Configuration Form: Allows users to set up and manage 2FA preferences.

Controllers: All events triggered by the View are handled by the Controller. After receiving a
path, the component gets a JSON response, then sends the object to its child component. The
Controller is in charge of custom loading screens, page caching, server-side rendering and
prefetching. After processing a request, it responds with a status code and message. For instance,
when a user clicks the activation link, we try a piece of code to activate their account. We take
the user ID from the account where the request was made and verify our database to see if it is a
valid user. The JWT (JSON Web Token) is used to grant access to routes, services, and
resources. When uploading images or media, the middleware checks the format and file-size
after receiving the request and only if the conditions are met, the controller goes through with
processing the request. Other functions include a mailer function to send an email to the user
with the activation code.
In the Model-View-Controller (MVC) architectural pattern, controllers serve as the intermediary
between the user interface (View) and the underlying data and business logic (Model).
Controllers receive user inputs from the View, process them, and trigger the appropriate actions
within the Model. In the context of the Three-Level Password Authentication System,
controllers play a pivotal role in orchestrating the flow of information and operations related to
user interactions. They receive requests initiated by users through the View, such as login
attempts, password updates, or biometric enrollments, and then invoke the corresponding
functions in the backend logic (Model). The controllers facilitate the seamless interaction
between the user interface and the underlying system functionality, ensuring that user inputs are
processed securely and that the appropriate responses are provided. Through effective control
flow and coordination, controllers contribute to the overall responsiveness, reliability, and
security of the authentication system, acting as the command center that directs the execution of
tasks based on user interactions and system requirements.

System Testing: System testing is a type of software testing that focuses on evaluating the end-to-end functionality of a system. It is usually performed after the individual components of the system have been tested and integrated together. The goal of system testing is to verify that the system meets the specified requirements and functions correctly.

Unit testing is a software testing technique that involves testing individual units or components of a software application in isolation from the rest of the application. The goal of unit testing is to validate that each unit of the software application is working as intended and meets the specified requirements. Unit tests are typically small, focused test cases that test a specific feature or behavior of a unit. They are usually automated and run as part of the development process, and they are designed to be fast and easy to run.

Integration testing is a software testing technique that involves testing the interactions between individual units or components of a software application. The goal of integration testing is to validate that the units or components of the software application work together as intended and meet the specified requirements. It is typically performed after unit testing and before system testing. It is designed to test the integration points between the units or components, as well as the functionality of the application as a whole.

Validation testing is a type of software testing that focuses on evaluating the accuracy and correctness of the software. It is typically performed during the later stages of the software development life cycle, after the software has been implemented and integrated. The goal of validation testing is to ensure that the software meets the specified requirements and functions as intended.

Black box testing is a method for testing an application without having any knowledge of its internal workings. The tester lacks access to the source code and is unaware of the system architecture. Typically, a tester will use a black box test to interact with the user interface of the system by providing inputs and evaluating outcomes without being aware of the location or the method used to process the inputs.

White box testing (also known as glass box testing or structural testing) is a type of software testing that focuses on the internal structure and implementation of a software application. It is based on the assumption that the tester has complete knowledge of the code and design of the software being tested. The goal of white box testing is to validate that the software is correctly implemented and meets the specified requirements. It involves testing the individual components and functions of the software to ensure that they are working as intended and that they are correctly integrated with the rest of the application.

Figure-3.3: Authentication Factor

5. RESEARCH OBJECTIVES

Research objectives serve as the guiding principles that define the purpose and scope of a study,
providing a clear roadmap for investigation and analysis. In the context of developing a Three-Level
Password Authentication System, the research objectives are designed to address key aspects related to
security, usability, and technological implementation.

The primary research objective is to enhance the security infrastructure of user authentication through
the implementation of a Three-Level Password Authentication System. This involves a comprehensive
examination of existing vulnerabilities in traditional username and password authentication methods.
By conducting a thorough analysis of common cyber threats such as password breaches, phishing
attacks, and brute force attempts, the research aims to identify and address these weaknesses. The
primary focus is on fortifying the authentication process to ensure robust protection against
unauthorized access and potential data breaches. This includes evaluating the effectiveness of
password hashing algorithms, exploring advanced biometric verification techniques, and implementing
secure two-factor authentication (2FA) methods.

Another research objective centers on usability and user experience, aiming to create an authentication
system that is not only secure but also user-friendly. The research seeks to understand the challenges
users face in the authentication process and address issues related to clarity, intuitiveness, and overall
user satisfaction. By incorporating feedback from user testing sessions, surveys, and usability studies,
the goal is to design interfaces that facilitate smooth user interactions, particularly during processes
like registration, login, and biometric enrollment. The research seeks to strike a balance between robust
security measures and an intuitive user experience, ensuring that users can easily and confidently
navigate the authentication system.

The technological implementation of the Three-Level Password Authentication System constitutes a
significant research objective. This involves selecting and integrating appropriate technologies,
frameworks, and programming languages that align with the system's requirements. The research
delves into the compatibility of different technologies, evaluating their interoperability and efficiency.
Additionally, it explores the scalability of the system to accommodate potential future growth and
technological advancements. The objective is to build a secure and technologically sound
authentication system that not only meets current standards but is also adaptable to evolving security
landscapes and emerging technologies.
Furthermore, the research aims to assess the performance of the Three-Level Password Authentication
System under various conditions. This involves conducting rigorous performance testing, stress testing,
and load testing to evaluate the system's responsiveness and stability. By simulating scenarios with
varying user loads and stress levels, the research seeks to identify potential bottlenecks, optimize
system performance, and ensure that the authentication process remains efficient even during peak
usage. This objective aligns with the overarching goal of delivering a system that not only prioritizes
security and usability but also operates seamlessly under real-world conditions.

In summary, the research objectives for developing a Three-Level Password Authentication System are
multifaceted. They encompass enhancing security measures, prioritizing user experience, selecting and
implementing appropriate technologies, and rigorously testing system performance. By addressing
these objectives, the research aims to contribute to the development of an advanced authentication
system that not only meets current cybersecurity standards but also anticipates and adapts to future
challenges in the ever-evolving landscape of digital security.

4.1 PROCEDURE

1. Define Objectives and Requirements:
1. Clearly articulate the objectives of the Three-Level Password Authentication System,
considering security enhancements, usability improvements, and technological implementation.
2. Identify and document specific requirements based on the research objectives, including security
features, user interface specifications, and technological stack.

2. Conduct a Security Assessment:
1. Perform a comprehensive security assessment to identify vulnerabilities in traditional
authentication methods.
2. Evaluate common threats such as password breaches, phishing attacks, and brute force attempts.
3. Define security measures, including advanced password hashing algorithms, biometric
verification techniques, and secure two-factor authentication.

3. Design User Interfaces:
1. Develop intuitive user interfaces for key system interactions, including user registration, login,
password changes, and biometric enrollment.
2. Incorporate user feedback from testing sessions and usability studies to enhance the clarity and
usability of the interfaces.

4. Select and Implement Technologies:
1. Choose and integrate appropriate technologies, frameworks, and programming languages that
align with the system's requirements.
2. Ensure compatibility and interoperability of selected technologies.
3. Implement a scalable architecture to accommodate potential growth and future technological
advancements.

5. Develop Authentication Modules:
1. Build the backend logic for authentication modules, including password hashing functions,
biometric verification processes, and two-factor authentication configurations.
2. Implement secure data storage and retrieval mechanisms for user information.
3. Develop controllers to manage the flow of information between the user interface and the
underlying data and business logic.

6. Implement Security Measures:
1. Incorporate robust security measures, including input validation, secure session management,
and encryption of sensitive data.
2. Conduct penetration testing and vulnerability assessments to identify and address potential
security vulnerabilities.

7. Test System Functionality:
1. Conduct unit testing to verify the correctness of individual components.
2. Perform integration testing to ensure seamless interaction between different modules.
3. Conduct functional testing to validate core system functionalities, including user registration,
login, password changes, and biometric verification.

8. Assess System Performance:
1. Conduct performance testing, stress testing, and load testing to evaluate the system's
responsiveness and stability under various conditions.
2. Optimize system performance by addressing any identified bottlenecks.

9. User Acceptance Testing (UAT):
1. Provide end-users with a test environment to perform real-world scenarios.
2. Gather user feedback on the overall usability, security, and satisfaction with the authentication
system.

10. Implement Feedback and Refinement:
1. Incorporate feedback from testing phases to refine and enhance the system.
2. Address any identified issues, make necessary adjustments, and retest the system.

11. Documentation:
1. Document the architecture, design decisions, and implementation details.
2. Create user manuals and documentation for administrators.

12. Deployment:
1. Deploy the Three-Level Password Authentication System to a production environment.
2. Monitor system performance and security post-deployment.

13. Training:
1. Provide training sessions for end-users and administrators to ensure a smooth transition to
the new authentication system.

14. Continuous Improvement:
1. Establish a process for ongoing monitoring, maintenance, and continuous improvement of the
authentication system.
2. Stay informed about emerging technologies and security best practices to adapt the system to
evolving challenges.

This procedure provides a structured approach to developing a robust and secure Three-Level Password
Authentication System, ensuring that it meets both technical and user-centric requirements.
Adjustments to this procedure may be necessary based on specific project constraints and organizational
needs.

Figure-4.1.4 data flowchart for the system

5. METHODOLOGY
The methodology for developing a Three-Level Password Authentication System is a systematic and
multi-faceted process designed to address key aspects of security, usability, and technological
implementation. The initial phase involves a rigorous security assessment to identify vulnerabilities in
traditional authentication methods. By examining common threats such as password breaches, phishing
attacks, and brute force attempts, the research aims to fortify the authentication process against
unauthorized access and potential data breaches. This is achieved through the implementation of
advanced security measures, including robust password hashing algorithms, sophisticated biometric
verification techniques, and secure two-factor authentication.

User-centric design principles form a pivotal part of the methodology, ensuring that the interfaces for
key system interactions prioritize clarity, intuitiveness, and accessibility. The design phase involves
incorporating user feedback from testing sessions and usability studies, creating interfaces that facilitate
smooth user experiences during processes like registration, login, and biometric enrollment. This user-
centric approach not only enhances the overall usability of the system but also contributes to the
creation of an authentication system that users can confidently navigate.

The technological implementation phase focuses on selecting and integrating appropriate technologies,
frameworks, and programming languages aligned with the system's objectives and requirements.
Compatibility and interoperability of chosen technologies are crucial to creating a cohesive and efficient
system architecture. Additionally, a scalable technological infrastructure is implemented to
accommodate potential growth and adapt to emerging technologies, ensuring the system's long-term
viability.

Fig 1: system architecture

System architecture is a theoretical blueprint for the construction and performance of a system. In this
figure, the user provides details such as a user name and a conventional password, which should be as
strong and as difficult to guess as possible. Users have to register their mobile number along with one
security question for the validation phase of authentication. At the pattern lock level, security is imposed
using patterns: each user is asked to select a pattern, at a chosen difficulty level, that is unique to that
individual. The user selects a folder to lock, and the folder is locked using the picture-based password
and the text password. Similarly, if the user wants to unlock the folder, the user first types his/her mobile
number, an OTP is generated and sent to the registered mobile number, and then the folder is unlocked
using the picture-based password and the text-based password.

Backend development is a critical aspect of the methodology, involving the creation of the logic for
authentication modules, including secure password hashing, biometric verification processes, and two-
factor authentication configurations. Controllers are implemented to manage the flow of information
between the user interface and the underlying data and business logic, ensuring a seamless and secure
authentication process. Furthermore, secure data storage and retrieval mechanisms are put in place to
safeguard user information.

Security testing is an integral part of the methodology, aiming to identify and address potential
vulnerabilities through rigorous penetration testing and vulnerability assessments. Robust security
measures are implemented, including input validation, secure session management, and encryption of
sensitive data, fortifying the system against common security risks and potential exploits. This phase
ensures that the authentication system is resilient in the face of cyber threats, providing a secure
environment for user data.

Comprehensive testing is conducted throughout the development process, encompassing unit testing,
integration testing, functional testing, and performance testing. Unit testing verifies the correctness of
individual components, while integration testing ensures seamless interaction between different
modules. Functional testing validates core system functionalities, such as user registration, login,
password changes, and biometric verification. Performance testing assesses system responsiveness and
stability under various conditions, optimizing performance through stress testing and load testing.

User acceptance testing (UAT) provides end-users with a test environment to perform real-world
scenarios, offering valuable insights into the system's usability, security, and overall satisfaction. User
feedback gathered during this phase is incorporated into refinements and improvements, ensuring that
the final authentication system aligns with user expectations and requirements.

Documentation plays a crucial role in the methodology, encompassing the documentation of
architecture, design decisions, and implementation details. User manuals and documentation for
administrators are created to facilitate effective system usage and management. The deployment and
training phase involves deploying the Three-Level Password Authentication System to a production
environment, closely monitoring system performance and security post-deployment. Training sessions
for end-users and administrators ensure a smooth transition to the new authentication system.

The methodology concludes with a focus on continuous improvement, establishing a systematic process
for ongoing monitoring, maintenance, and enhancements to adapt the system to evolving challenges.
Staying informed about emerging technologies and security best practices ensures that the Three-Level
Password Authentication System remains robust, secure, and aligned with industry standards over the
long term.

Figure 2. Comparison of authentication mechanisms

6. Model and Analysis

One-time password technique: A one-time password is a password that is valid for only one login
session or transaction on a computer system or other digital device. At this level, after the user has
successfully passed the first two levels, the system generates a one-time password and sends it to the
user through email or SMS, since these channels have a high potential to reach all customers at a low
total cost of ownership; alternatively, a smartphone can be used as the token or platform for creating
the OTP. The user then logs in with the password, which is valid for a short period only. This scheme is
secure enough because the system generates the password and it is available only for a short period;
thus, it is hard to crack.

Pattern based password: This authentication system uses the end user's visual memory. Using nine
points in a three-by-three grid, the user creates a drag pattern. This method belongs not only to the
"something you know" category, which is based on memory, but also to the behavior pattern
recognition category, since it utilizes finger motion memory. The number of secret patterns available
in this system is, however, limited. Hence, this locking feature is the most widely used by the general
public.

Text based password: The third level is text-based password authentication. User authentication
through a textual password is very common in computer systems because it is easy to use. This scheme
has been popular for the last 4 decades for its ease of use, cost effectiveness and simplicity for all users.
Text passwords are a text-based mechanism; they contain alphanumeric and/or special keyboard
characters. A password is a secret word or phrase that gives users access to computer resources such as
programs, files, messages, printers, the internet, etc. Its purpose is to ensure that unauthorized users
cannot access the resources of a user's account. A password should not be easily guessed by someone;
this is why strong, secure protection from attackers is needed. At this level, users register their user ID
and text password in the system. The password can consist of numerals, letters and any other
characters that make it strong. To log in, users need to re-enter the information selected during the
registration process.
Results

Conclusion

In conclusion, the development of a Three-Level Password Authentication System represents a
significant stride toward creating a robust, secure, and user-friendly authentication solution. This
comprehensive endeavor has been guided by a systematic methodology that addresses key dimensions
of security, usability, and technological implementation. Through a careful evaluation of existing
vulnerabilities in traditional authentication methods, the system was fortified against common threats
such as password breaches, phishing attacks, and brute force attempts.

The user-centric design principles incorporated into the methodology have played a crucial role in
shaping the interfaces for essential system interactions. The focus on clarity, intuitiveness, and
accessibility ensures that users can navigate through processes like registration, login, and biometric
enrollment with confidence and ease. This user-centric approach is not merely a design consideration
but a commitment to creating an authentication system that aligns seamlessly with the expectations and
preferences of end-users.

Technological implementation has been a key pillar of the methodology, involving the judicious
selection and integration of technologies, frameworks, and programming languages. The goal was not
only to meet current objectives but also to establish a scalable technological infrastructure capable of
adapting to emerging technologies. The resulting architecture forms a resilient foundation, ensuring that
the system is not only current but also well-positioned for future advancements in the dynamic
landscape of digital security.

The backend development phase has brought to life the logical core of the authentication system. From
secure password hashing and biometric verification processes to the configuration of two-factor
authentication, every component has been meticulously crafted to uphold the integrity of user data.
Controllers manage the flow of information between the user interface and the underlying logic,
creating a seamless and secure authentication process. The implementation of secure data storage
mechanisms is a testament to the commitment to safeguarding user information.

Security testing has been a critical aspect of the methodology, systematically identifying and mitigating
potential vulnerabilities. Through penetration testing, vulnerability assessments, and the implementation
of robust security measures, the authentication system has been fortified against common security risks.
The emphasis on input validation, secure session management, and data encryption underscores the
commitment to creating a secure environment for user data, protecting it from potential threats and
exploits.

The testing phases, including unit testing, integration testing, functional testing, and performance
testing, have collectively contributed to the reliability and efficiency of the authentication system. Real-
world scenarios have been simulated to ensure optimal performance under various conditions. User
acceptance testing, involving end-users in the evaluation process, has provided invaluable insights into
the usability, security, and overall satisfaction with the system. User feedback has been incorporated
iteratively, refining and improving the system to align with user expectations.

Documentation serves as a lasting record of the architectural decisions, design rationale, and
implementation details. User manuals and documentation for administrators have been created to
facilitate effective system usage and management. The deployment and training phase marks the
transition from development to practical implementation, with close monitoring of system performance
and security post-deployment. Training sessions ensure that end-users and administrators are well-
equipped to navigate and manage the new authentication system seamlessly.

As the development journey concludes, the emphasis on continuous improvement becomes paramount.
The establishment of a systematic process for ongoing monitoring, maintenance, and enhancements
ensures that the authentication system remains resilient and adaptable in the face of evolving challenges.
Staying abreast of emerging technologies and security best practices is integral to sustaining the
effectiveness of the Three-Level Password Authentication System over the long term. In essence, the
culmination of this development effort represents not just a technological achievement but a
commitment to fostering a secure and user-centric digital environment.
