Passwords are the most widely used means of authentication: they are convenient for users, easy to deploy and easy to use. Password-based systems are exposed to two kinds of attack:
i) offline attacks
ii) online attacks.
Eavesdropping on the communication channel and recording the conversations carried over it is an example of an offline attack. Brute force and dictionary attacks are the two widespread and growing kinds of online attack. Allowing convenient login for legitimate users while resisting these attacks is a difficult problem. The proposed protocol, the Password Guessing Resistant Protocol (PGRP), helps prevent these attacks while giving legitimate users a pleasant login experience. PGRP limits unknown users to a single login attempt, after which it challenges the unknown user with an Automated Turing Test (ATT). There are several kinds of ATT, such as CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart), security questions, etc.; this system uses a distorted-text CAPTCHA. If the ATT is answered correctly, the user is granted access; otherwise access is denied. The proposed algorithm evaluates the efficiency of PGRP on three measures:
i) the number of attempts needed to start a successful session
ii) the number of failed login attempts due to an invalid password
iii) the number of failed login attempts due to an invalid password and a failed ATT.
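The decision rule described above, and the three efficiency measures, can be modelled as a small server-side state machine. The following is an added illustration, not code from the paper or from any PGRP implementation. It assumes that a correct password is still required even when the ATT is solved, that "unknown" means a (username, source address) pair that has never logged in successfully, and that the ATT outcome is supplied by a callback (standing in for a real CAPTCHA check). The credential store, the addresses and the login sequence are constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample credential store (not real users; a real system stores password hashes).
USERS = {"alice": "correct horse battery staple"}


@dataclass
class Counters:
    """The three efficiency measures named in the text."""
    attempts_to_success: int = 0          # i) attempts spent before a successful session
    failed_bad_password: int = 0          # ii) failures with an invalid password, no failed ATT
    failed_bad_password_and_att: int = 0  # iii) failures with an invalid password AND a failed ATT


class PGRPServer:
    """Toy model of PGRP's login gate (assumption: the password must be correct in every case)."""

    def __init__(self, users, max_free_attempts=1):
        self.users = dict(users)
        self.max_free_attempts = max_free_attempts  # unknown pairs get this many ATT-free tries
        self.known = set()    # (username, source) pairs that have logged in successfully before
        self.failed = {}      # (username, source) -> consecutive failed attempts
        self.counters = Counters()

    def login(self, username, password, source,
              att_solver: Optional[Callable[[], bool]] = None):
        """Return (granted, att_required, att_passed); att_passed is None if no ATT was issued."""
        key = (username, source)
        failed = self.failed.get(key, 0)
        # Unknown pairs are challenged once their free attempts are used up; known pairs are not.
        att_required = key not in self.known and failed >= self.max_free_attempts
        att_passed = None
        if att_required:
            att_passed = bool(att_solver and att_solver())
        password_ok = self.users.get(username) == password

        if password_ok and (not att_required or att_passed):
            self.counters.attempts_to_success += failed + 1  # count the failures plus this try
            self.failed.pop(key, None)
            self.known.add(key)
            return True, att_required, att_passed

        self.failed[key] = failed + 1
        if not password_ok:
            if att_required and not att_passed:
                self.counters.failed_bad_password_and_att += 1
            else:
                self.counters.failed_bad_password += 1
        # A correct password with a failed ATT is denied but falls in none of the three buckets.
        return False, att_required, att_passed


def simulate():
    """Constructed scenario: a guessing bot at 203.0.113.5 and the real user at 192.0.2.10."""
    srv = PGRPServer(USERS)
    bot_cannot_solve = lambda: False   # automated client never passes the CAPTCHA
    human_solves = lambda: True        # legitimate user always passes it
    guesses = ["password", "123456", "letmein", "alice1"]
    bot_results = [srv.login("alice", g, "203.0.113.5", bot_cannot_solve) for g in guesses]
    # Legitimate user: one typo, then the right password (ATT now required and solved),
    # then a third login from the now-known pair with no ATT at all.
    typo = srv.login("alice", "correct horse battery stapel", "192.0.2.10", human_solves)
    ok = srv.login("alice", "correct horse battery staple", "192.0.2.10", human_solves)
    again = srv.login("alice", "correct horse battery staple", "192.0.2.10", None)
    return srv, bot_results, typo, ok, again


if __name__ == "__main__":
    srv, bot_results, typo, ok, again = simulate()
    print("bot:", bot_results)
    print("user:", typo, ok, again)
    print("counters:", srv.counters)
```

In the run above the bot gets exactly one ATT-free guess from its address and is then gated by a CAPTCHA it cannot pass, while the legitimate user pays for a single typo with one CAPTCHA and is never challenged again from that address once the pair is known.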