Robust Password Security: A Method in Preventing Guessing Attacks and Authenticating Users

The upward trajectory of information systems is marked by constant growth. Despite its widespread use, the enduring challenge of guessing attacks necessitates robust countermeasures. Current solutions, marked by diverse mechanisms and limited transparency, fail to provide real-time effective-ness. These countermeasures often implement thresholds that, upon repeated attempts, lead to the blocking of individuals. However, a drawback arises in the potential to mistakenly block benign users, thereby compromising usability for those lacking malicious intent. This paper introduces an innovative approach to address these challenges, meticulously exploring benign user scenarios to enhance the precision of guessing attack identification. Our proposed method involves breaking user passwords into distinct blocks, utilizing various features such as password length, component order, keyboard layout, real-time and historical attempt patterns, failed login history, and scheduled logins to differentiate hazardous attempts from innocuous ones. This proposed mechanism distinguishes itself through its simplicity and efficacy compared to state-of-the-art solutions. It balances security, usability, and functionality, offering a streamlined implementation to address the evolving complexities of authentication in information systems.