A novel Web security evaluation model for a one-time-password system

Abstract

One-time passwords (OTPs) have the advantage over regular passwords in that they protect legitimate users from replay attacks by generating a different password for each time of authentication. There are two variables that play a major role in creating a secure OTP; they are the passphrase length and the number of times the one-time password should be hashed. It is already a known fact that the larger the passphrase length the better is the security an OTP can offer. However, there is still a lack of quantitative analysis carried out to study how optimal Web security can be achieved. We propose a novel Web security evaluation model that can be used to measure the strength of a one-time password.