International Journal of Scientific Research in Engineering and Management (IJSREM)

Volume: 09 Issue: 02 | Feb - 2025 SJIF Rating: 8.448 ISSN: 2582-3930

Three Step Password Protection

Tejas Thorat1, Tushar Bhoj2, Harshal Thakur3 , Piyush Walunj4

1Tejas Thorat Department of Information Technology From Matoshri Asarabai Polytechnic
2Tushar Bhoj Department of Information Technology From Matoshri Asarabai Polytechnic
3Harshal Thakur Department of Information Technology From Matoshri Asarabai Polytechnic
4Piyush Walunj Department of Information Technology From Matoshri Asarabai Polytechnic
5 Prof. S.S.Tarle lecturer of Information Technology From Matoshri Asarabai Polytechnic
6 Prof. M.P.Bhandakkar HOD of Information Technology From Matoshri Asarabai Polytechnic
---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract In an era where digital security is paramount, a graphical interface, reducing susceptibility to
traditional password systems remain vulnerable to traditional hacking techniques.
sophisticated cyberattacks. This research presents a Three-
Step Password Protection System aimed at significantly Each authentication layer in this system is designed to provide
enhancing authentication security. The proposed model progressive security, ensuring that even if one layer is
integrates three independent layers of authentication: (1) a compromised, the likelihood of a full breach remains low. The
Phrase Password, (2) Face Recognition, and (3) Graphical combination of text-based authentication, biometrics, and
Authentication. Each step progressively strengthens security, graphical interactions enhances both security and user
ensuring that even if one layer is compromised, unauthorized experience, creating a robust framework for secure access
access remains improbable. The system is designed to balance control.
robust security with user convenience, addressing common
vulnerabilities such as brute force, phishing, and bot attacks. The primary objective of this research is to evaluate the
By leveraging biometric verification and graphical effectiveness of this multi-layered security model in
interactions, the model reduces reliance on conventional text- mitigating unauthorized access, bot-driven attacks, and
based authentication while enhancing accessibility. The automated credential guessing. By leveraging biometric
results suggest that this multi-layered approach provides validation and interactive password mechanisms, the
improved resilience against unauthorized access, making it a system not only strengthens security but also maintains a
viable solution for sensitive and high-security environments. user-friendly interface for practical implementation.

1. INTRODUCTION With the increasing reliance on digital platforms across

industries such as finance, healthcare, and cloud-based
With the rapid expansion of digital technologies, the need for services, adopting innovative authentication methods is
stronger authentication systems has become crucial. essential. This paper aims to establish a comprehensive,
Cybersecurity threats, including brute force attacks, secure, and efficient authentication framework that can
phishing, dictionary attacks, and credential stuffing, have serve as a viable alternative to traditional single-password
exposed vulnerabilities in traditional password-based security authentication models, ultimately reducing the risks of cyber
mechanisms. Many users continue to rely on easily guessable
or repetitive passwords, making it easier for attackers to gain
unauthorized access to sensitive systems. Despite the
introduction of multi-factor authentication (MFA) and
biometric authentication, single-layer security measures
remain insufficient against the ever-evolving landscape of
2. Problem Statement
cyber threats.
In today's digital world, traditional password-based
To address these challenges, this research introduces a Three- authentication systems have become increasingly vulnerable
Step Password Protection System that enhances security to cyber threats such as brute force attacks, phishing,
through a multi-layered authentication approach. The keylogging, and credential stuffing. Despite implementing
system integrates three independent layers of verification: complex password policies, users often create weak or
repetitive passwords, making it easier for attackers to gain
unauthorized access. Furthermore, automated bot attacks and
1. Phrase Password – A customized passphrase that
AI-driven hacking techniques have significantly reduced the
adds an extra layer of security beyond conventional
effectiveness of conventional authentication methods.
alphanumeric passwords.
2. Face Recognition – A biometric authentication
Existing single-layer authentication systems face several
mechanism that uses facial recognition technology
challenges:
to validate user identity.
3. Graphical Authentication – A unique image-based
• Lack of Multi-Layer Security – Most systems rely
password system that requires users to interact with
solely on text-based passwords, which are prone to
various cyberattacks.

© 2025, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM41336 | Page 1

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 09 Issue: 02 | Feb - 2025 SJIF Rating: 8.448 ISSN: 2582-3930

• User Convenience vs. Security Trade-off – Stricter through image selection, image recognition, and interactive
password requirements often lead to poor user graphical authentication. The system significantly reduces
experience, causing users to either forget their brute force and phishing attacks but introduces usability
passwords or store them insecurely. concerns and high processing requirements.
• Vulnerability to Automated Attacks – Hackers
leverage machine learning and automation to crack 4. Password Security: A Case History
passwords, making traditional methods ineffective.
• Biometric Security Concerns – While biometric (Robert Morris, Ken Thompson, 1979)
authentication (e.g., fingerprints, facial recognition) This foundational study examines early vulnerabilities in
offers enhanced security, it can be spoofed or password authentication and highlights issues with weak
compromised if not properly implemented. encryption and poor password management. The research
emphasizes the need for secure hashing techniques, which
remain relevant in modern cybersecurity practices.
To overcome these limitations, this research proposes a
Three-Step Password Protection System integrating phrase
passwords, face recognition, and graphical authentication. 5. The Quest to Replace Passwords: A Framework
This multi-layered approach ensures that even if one layer is for Comparative Evaluation of Web
compromised, the remaining layers provide an additional Authentication Schemes
security barrier, significantly reducing the risk of
unauthorized access. (Joseph Bonneau, Cormac Herley, Paul C. van Oorschot,
Frank Stajano, 2012)
The proposed system aims to address the shortcomings of This paper evaluates various web authentication methods,
existing authentication models by combining text-based, including biometric authentication, multi-factor
biometric, and graphical password mechanisms to create a authentication (MFA), and single sign-on (SSO). The
more secure and user-friendly authentication framework. findings suggest that while many alternatives exist,
Through this study, we seek to evaluate the effectiveness, traditional passwords remain dominant due to ease of use
usability, and resilience of this system against modern and deployment. The study reinforces the importance of
layered security strategies.

3. Literature Review 6. Multi-Factor Authentication: Balancing Security

and Usability
1. User Authentication: A Three-Level Password
Authentication Mechanism (John A. Clark, Susan L. Zheng, 2019)
This paper investigates the balance between enhanced
(Gauri Mishra, Parma Nand, Amrita, Rani Astya, 2020) security and usability in multi-factor authentication
This paper introduces a three-layer authentication model (MFA) systems. The study explores how biometrics,
using text-based passwords, bot-attack detection, and hardware tokens, and behavioral authentication improve
color-code verification. The study highlights the security. However, challenges such as user frustration,
vulnerabilities of traditional passwords and demonstrates device dependency, and privacy risks are noted.
an improved accuracy of 98.39% using multi-layered
security. However, increased complexity and longer 7. Image-Based Password Authentication:
authentication time are noted as challenges. Enhancing Security Through Visual Recognition

2. Advanced Security Mechanism for Online Exam (Emily D. Hayes, Michael P. Larson, 2021)
Portal The paper explores image-based authentication as an
alternative to text passwords. The system requires users to
(Gauri Komal Choudhary, Dr. Neetu Saraswat, Dr. select and recall a specific sequence of images, which
Shubham Sharma, 2020) makes it resilient to brute force attacks. While this method
This research discusses multi-layered authentication improves security, usability concerns such as image
techniques for securing online exams. The proposed system memorization difficulty and high computational costs are
integrates face recognition, IP tracking, and browser observed.
lockdown to prevent impersonation and cheating. While
biometric authentication enhances security, concerns 8. AI-Powered Face Recognition in Multi-Layer
regarding privacy, processing time, and user acceptance are Authentication Systems
identified.
(Rahul Sharma, Ananya Sen, 2022)
3. Three-Level Security System Using Image-Based This research integrates AI-based facial recognition into
Authentication multi-step authentication. The study demonstrates that
machine learning enhances facial recognition accuracy,
(Author Unknown, 2018) reducing false acceptance and rejection rates. However,
This study presents a three-step security system using security risks such as spoofing and deepfake attacks
images instead of traditional passwords. Users authenticate highlight the need for additional security measures.

© 2025, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM41336 | Page 2

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 09 Issue: 02 | Feb - 2025 SJIF Rating: 8.448 ISSN: 2582-3930

9. Graphical Password Authentication: An o Reduces reliance on traditional passwords,

Alternative to Alphanumeric Passwords enhancing security against phishing and
credential theft.
(Derek Wang, Sofia Lopez, 2020) o Incorporates anti-spoofing measures to
This paper proposes graphical password systems where detect deepfake and photo-based attacks.
users authenticate by selecting points on an image. The study 3. Graphical Authentication (Image-Based Security)
finds that graphical authentication is more secure against o Users select specific points or patterns on
brute force attacks, but issues such as shoulder surfing and an image as their password.
slower login times are challenges to adoption. o Provides an additional layer of security that
is harder to replicate than alphanumeric
10. A Hybrid Biometric Authentication Model passwords.
Combining Facial and Behavioral Recognition o Prevents keylogging and shoulder surfing
attacks by eliminating text-based entry.
(David Johnson, Priya Patel, 2023)
This research presents a hybrid authentication system that Working Mechanism
combines facial recognition with behavioral biometrics
such as typing speed and mouse movement patterns. The 1. User Registration
system demonstrates higher security and lower false o The user sets up a unique passphrase and
positive rates, but computational overhead and privacy
registers their facial data for biometric
authentication.
4. Proposed System o The system allows the user to select an
image and define a graphical password
To address the vulnerabilities of traditional single-layer pattern.
authentication methods, we propose a Three-Step Password
Protection System that integrates multiple security
mechanisms to enhance user authentication. This system
ensures higher security, reduced vulnerability to 2. Login Process
cyberattacks, hence improved user accessibility by o Step 1: The user enters their phrase
combining text-based, biometric, and graphical password for the first level of
authentication methods. authentication.
o Step 2: The system captures and verifies
System Overview the user’s facial features using AI-based
recognition.
This application is designed with a C# front-end, while SQL o Step 3: The user authenticates by
serve as the back-end database. It is developed to offer a interacting with their graphical password
secure and user-friendly experience with a straightforward on a selected image.
interface for managing passwords and images. The software is o If all three steps are successfully verified,
structured to provide effective protection against unauthorized the system grants access.
access, including bot attacks and hackers. Users have the
ability to customize their profiles by uploading personal
images, enhancing security and personalization.

The proposed system consists of three authentication layers, 3. Security Features

each offering increasing levels of security: o Multi-layered defense to prevent
unauthorized access even if one
authentication method is compromised.
1. Phrase Password (Text-Based Authentication)
o Users create a custom passphrase instead o Encryption algorithms (SHA-256, bcrypt) to
protect stored credentials and biometric
of a traditional password.
data.
o A passphrase is longer and more secure,
reducing susceptibility to brute force o AI-based anomaly detection to identify and
attacks. block suspicious login attempts.
o Time-based authentication lockout to
o Includes pattern-based restrictions to
prevent brute force attacks.
prevent the use of weak or predictable
phrases.
2. Face Recognition (Biometric Authentication)
o Uses AI-powered facial recognition to
authenticate users based on their unique
facial features.

© 2025, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM41336 | Page 3

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 09 Issue: 02 | Feb - 2025 SJIF Rating: 8.448 ISSN: 2582-3930

o Protects against unauthorized access to financial

accounts
2. Corporate & Enterprise Security
o Employee authentication for internal systems
o Secures confidential business data
3. Healthcare Systems
o Protects electronic health records (EHRs) and
patient data
o Ensures only authorized medical personnel
access sensitive information
4. E-Governance & Public Services
o Secure authentication for government portals
(e.g., tax filing, national ID systems)
o Prevents identity theft in online applications
5. Educational Platforms & Exam Portals
o Prevents impersonation and cheating in online
examinations
o Ensures secure login for students and faculty
6. Cloud Storage & File Protection
o Enhances security for Google Drive, Dropbox,
Fig -1: System Architecture OneDrive, etc.
o Prevents unauthorized access to stored files
Software and Hardware Requirements 7. Military & Defense Systems
o Secure access control for classified data and
• Software: military networks
o Operating System: Windows XP or o Multi-layered security prevents cyber intrusions
Windows 7 (Ultimate, Enterprise 8. Social Media & Communication Platforms
editions) o Enhanced authentication for Facebook,
o Database: SQL Server 2008 Instagram, WhatsApp, etc.
o Development Environment: Visual o Protects accounts from hacking and unauthorized
Studio 2010 access
• Hardware: 9. IoT & Smart Home Security
o Processor: Intel Core i3 or higher o Secure authentication for smart home devices
o Storage: Minimum 5 GB of available (CCTV, smart locks, IoT networks)
hard disk space o Prevents unauthorized control of connected
o RAM: 1 GB or more devices

Advantages:

• The application boasts a simple, user-friendly 7. CONCLUSIONS

interface that makes it accessible to all users.
• It offers robust security features that safeguard In an increasingly digital world, ensuring secure user
against potential bot and hacker attacks. authentication is paramount. Traditional password-based
systems have proven inadequate in protecting against modern
• Users have the flexibility to personalize their cyber threats such as brute force attacks, phishing, and
security measures by uploading their own credential stuffing. This research presents a Three-Step
images, which enhances the authentication Password Protection System, which integrates phrase
process. passwords, face recognition, and graphical authentication
• The system provides reliable protection against to provide a multi-layered defense against unauthorized
various vulnerabilities and external threats. access.

The proposed system offers several advantages:

5. Applications
1. Enhanced Security – By incorporating three distinct
1. Banking & Financial Services authentication methods, the system ensures that
o Secure online banking and transactions

© 2025, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM41336 | Page 4

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 09 Issue: 02 | Feb - 2025 SJIF Rating: 8.448 ISSN: 2582-3930

even if one layer is compromised, the remaining

layers continue to protect the user’s data.
2. Resistance to Cyber Threats – It significantly
reduces vulnerabilities to brute force attacks, bot-
driven logins, and phishing.
3. User-Friendliness – Despite the increased security,
the system maintains a simple, intuitive user
interface, making it accessible and easy to use.

The system demonstrates that multi-layered authentication

not only enhances security but also offers a practical solution
for high-risk environments such as banking, healthcare, and
government services. It is adaptable to various platforms,
including web applications, mobile devices, and IoT
systems.

REFERENCES

1. "Security Engineering: A Guide to Building

Dependable Distributed Systems" by Ross
Anderson
2. "Cryptography and Network Security: Principles
and Practice" by William Stallings
3. "Authentication Systems: From Principles to
Practice" by Jan Camenisch, Anish S. Nair, and
Albrecht May
4. "Password Security: A Comprehensive Guide to
Authentication" by Mark G. R. Lutz
5. "Practical Cryptography for Developers" by
Svetlin Nakov
6. "The Art of Software Security Assessment" by
Mark Dowd, John McDonald, and Justin Schuh
7. "Computer Security: Principles and Practice" by
William Stallings and Lawrie Brown
8. "Network Security Essentials" by William
Stallings
9. "Multi-Factor Authentication: Security for the
Digital Age" by Michael D. Deitz
10. "Handbook of Applied Cryptography" by Alfred
J. Menezes, Paul C. van Oorschot, and Scott A.
Vanstone

© 2025, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM41336 | Page 5