Title :
Stronger user authentication for web browser
Author :
Wang, Qiang ; Qin, Zhiguang
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
Abstract :
Passwords are the most popular authentication mechanism on the Internet. People have to remember many passwords for their many online accounts. However, selecting and keeping track of all the passwords that are required to maintain a person's online identity becomes a cumbersome task. In this paper, we propose a password protocol that allows a user to securely log in to multiple web accounts using the same password. Our aim is to make web authentication more secure and more convenient. Each online account of a user is protected by a unique password generated from the user's single password using a combination of the password entered by the user, data associated with the web site, and a random string generated by the extension itself from a passphrase entered by the user. Compromising a user's password at one site does not allow the attacker to log in at another site. Our method is secure against dictionary attacks, password phishing, and many other exploits. Working transparently, our method minimizes changes to user experience. It is easy to deploy as it can be implemented as a browser extension and requires no change on web servers.
Keywords :
Internet; computer crime; cryptographic protocols; cryptography; message authentication; online front-ends; Internet; User Passwords; Web Browser; authentication mechanism; browser extension; hash function; online account; online identity; password protocol; Browsers; Fires; Browser extension; Hash function; Javascript; Password protocol; Web security;
Conference_Title :
Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-6539-2
DOI :
10.1109/ICACTE.2010.5579457