
CPP Project

Uploaded by

atul gaikwad

P K TECHNICAL CAMPUS, CHAKAN

A MICRO-PROJECT REPORT ON
“SECURE LOGIN AUTHENTICATION SYSTEM”

SUBMITTED BY:

SARAS KANGUDE
RUTIK THAKARE
ATUL GAIKWAD

UNDER GUIDANCE OF
Prof. Mrs. ANKITA GADEKAR MADAM

THIS IS TO CERTIFY THAT THE MICROPROJECT
IS SUCCESSFULLY SUBMITTED BY,

Saras Kangude
Rutik Thakare
Atul Gaikwad

_____________________________        _________________________
MRS. ANKITA GADEKAR MADAM            HEAD OF THE DEPARTMENT
Acknowledgement
We remain immensely obliged to Lect. Ankita Gadekar for providing us with the
ideas for this topic and for her invaluable support in garnering resources for me,
either by way of information or computer; her guidance and supervision also made
this project happen. I would like to thank my college, PK TECHNICAL
CAMPUS, our source of inspiration, and the Principal and HOD of the Computer
Engineering Department for their valuable support.
ABSTRACT
With the rapid evolution of wireless communication technology, user
authentication is important for ensuring the security of wireless
communication. Passwords play an important role in the process of
authentication. During authentication, the password entered by the user
is transmitted over the network to the authentication server so that the
server can grant access to the authorized user. Attackers use this
opportunity to try to sniff other people's passwords in order to carry
out illegal activities under someone else's identity and keep themselves
out of trouble. Because of these issues, many solutions have been
proposed to improve the security of wireless communication technology.
In this paper, previously proposed solutions are used to enhance the
security of the system. The solutions adopted are the one-time password,
hashing and two-factor authentication. A new solution is also added that
uses a QR code to help store more data. The objective of the system is
to enhance the current login authentication system. It provides
solutions that make password breaking more difficult and that convince
users to choose and set hard-to-break passwords.
CONTENTS
Acknowledgement
Abstract
CHAPTER 1: INTRODUCTION
1.1 Idea of project
1.2 Motivation of project
1.3 Brief Description
1.4 Project Objectives

CHAPTER 2: LITERATURE REVIEW


2.1 Literature Survey for Problem Identification
2.2 Two-factor Authentication
2.3 One Time Password (OTP)
2.4 Cryptography

CHAPTER 3: PROPOSED METHODOLOGY/APPROACH


3.1 Project Role
3.2 Project Plan
3.3 System Design

CHAPTER 4: IMPLEMENTATION DETAILS


4.1 Methodology and Tools
CHAPTER 5: REQUIRED ANALYSIS
5.1 Hardware Requirements

CHAPTER 6. ADVANTAGES AND DISADVANTAGES


6.1 Advantages
6.2 Disadvantages

CHAPTER 7: FUTURE SCOPE


7.1 Future Scope

CONCLUSION

REFERENCES
Chapter 1: INTRODUCTION
Introduction
In the age of digitalization and increasing reliance on online services, the
importance of safeguarding user data and ensuring secure access to digital platforms
cannot be overstated. A robust and dependable login authentication system is the
first line of defense against unauthorized access and data breaches. This project aims
to design, develop, and implement a secure login authentication system that not only
protects user accounts but also provides a seamless and user-friendly experience.
The significance of this project lies in its ability to address the growing
concerns related to online security, privacy, and the integrity of personal and
sensitive information. As the digital landscape continues to evolve, malicious actors
are constantly seeking ways to exploit vulnerabilities and gain unauthorized access
to user accounts. Therefore, a strong authentication system is essential to mitigate
these threats and provide users with the confidence that their information is well-
protected.
This project will focus on the development of a multi-faceted authentication
system that incorporates the latest security measures, such as two-factor
authentication (2FA), biometric authentication, and robust password hashing
techniques. It will also emphasize usability, ensuring that the login process is user-
friendly, efficient, and adaptable to various platforms and devices.
Additionally, the project will consider scalability, as the authentication system
should accommodate the needs of both small-scale applications and large-scale
enterprises. Security, usability, and scalability will be at the forefront of this project's
objectives.
The secure login authentication system will not only benefit individual users
but also organizations across industries, including e-commerce, finance, healthcare,
and more. It will contribute to building trust, reducing security risks, and enhancing
the overall online experience.
By the end of this project, we aim to provide a comprehensive and adaptable
secure login authentication system that serves as a reliable and fundamental pillar in
the ongoing battle to protect digital assets and secure online interactions.
1.1 Idea of project

The central idea behind a secure login authentication system project is to create a
reliable and fortified framework that guarantees the protection of digital assets and
sensitive information. In an era marked by escalating cybersecurity concerns, this
concept is designed to address the critical need for ensuring that only authorized
individuals gain access to specific digital resources. It involves verifying the identity
of users through methods such as passwords, biometrics, or multi-factor
authentication, thus preventing unauthorized entry. This project also emphasizes the
safeguarding of sensitive user data from potential security breaches and ensures
strict access control, allowing users to access only the resources that align with their
designated roles and permissions. Additionally, it underscores the significance of
user privacy and compliance with data protection regulations while incorporating
industry-standard security practices and encryption techniques to fortify security.
The project seeks to strike a balance between robust security measures and a user-
friendly interface, making the authentication process seamless for legitimate users,
while staying adaptable and continually updated to address evolving security threats
effectively. Ultimately, it aims to uphold the integrity, confidentiality, and
availability of digital assets, playing a pivotal role in safeguarding user accounts,
financial data, personal information, and other critical resources in the contemporary
digital landscape.
1.2 Motivation of project

Authentication is the activity of verifying the credentials of a person who wishes
to perform an activity. If the credentials match, the process is completed and the
user is granted access. Generally, the user needs to provide a
password to begin using a service of the system. According to Rouse (2014), user
authentication authorizes human-to-machine interactions in operating systems and
applications, as well as in both wired and wireless networks, to enable access to
networked and Internet-connected systems, applications and resources.

Passwords were added to shared operating systems in the 1960s. However, a
problem arose very quickly because of the leakage of the unencrypted password master
file. By the 1970s, passwords started to be stored in hashed form. In
1979, password hashing was improved with salting. With the introduction of the
World Wide Web in the mid-1990s, passwords were secured using public-key
cryptography via Secure Sockets Layer (SSL) client certificates. Passwords then
started to be linked to email, and two-factor authentication was introduced. In the
early 2010s, smartphones started to be widely used. A further reason for its
implementation was the free smartphone applications that act as a second factor based
on the emerging time-based one-time password (TOTP) standard. TOTP is an algorithm
that computes a one-time password from a shared secret key and the current time.
There are also services that send codes via short message service (SMS)
as a backup authentication mechanism.

The QR code is named after "quick response" because of its high-speed reading. The
QR code is an evolution of the barcode. The evolution came about because of the
limitation of barcodes, which can hold only 20 alphanumeric characters. The QR code
that was finally created was a huge success because it can store 7,000 numerals,
with the additional capability to encode Kanji characters.
With current technology, a scanned QR code can redirect the user
to a website or coupon.
1.3 Brief Description
A secure login authentication system project is a vital component of modern
information technology, providing a robust barrier against unauthorized access and
data breaches. This system facilitates controlled entry to applications, services, or
resources by confirming the identity of users through a variety of security
mechanisms. These may include password-based verification, biometrics like
fingerprints or facial recognition, and multi-factor authentication. It also manages
the sensitive user data securely, implementing encryption and hashing techniques to
protect against potential security breaches. Access control features further restrict or
grant user privileges based on their roles and permissions. Regular updates, logging,
and auditing mechanisms are in place to continually monitor and strengthen security,
ensuring the confidentiality and integrity of user data while providing a user-friendly
interface for seamless user interaction. The objective of such a project is to fortify
the system against security threats and maintain the privacy and security of user
accounts and data.
1.4 Project Objectives
1. The main objective is to implement a secure login authentication
system that uses two-factor authentication. Using the
concept of two-factor authentication helps to increase the strength of
the login system. The attacker will need to pass through a further barrier
of defence to log in successfully. This system will help to enhance the login
authentication system.
2. The next objective is to ensure that the login password is not transmitted
over the network. In the previous solution, the password is
only encrypted, so attackers might succeed in decoding the data and
retrieving the password. To prevent this, the password
together with the random key must be hashed before the sender sends
it to the server. It is important to secure the user's password.
3. The third objective is to generate the one-time
password offline. This allows the login procedure to be performed when
Wi-Fi connectivity is limited or the mobile signal is weak. It will help users
who live in the countryside, where the phone signal is weak.
4. Lastly, the fourth objective is to ensure the system is protected from
rainbow table attacks. A rainbow table acts as a dictionary store
optimized for hashes and passwords. So, if the random key is repeated, the
password can be retrieved. The random key should therefore be long enough to
force attackers to spend a longer time generating the rainbow table.
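
The effect of the random key in objective 4 can be seen by storing the same password with and without a per-user salt. This is an added example, not code from the project; the function names, the sample users and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, List, Optional

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example
SALT_BYTES = 16              # per-user random salt (the text's "random key")


def unsalted_digest(password: str) -> str:
    """Weak scheme: plain SHA-256, so equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_record(password: str, salt: Optional[bytes] = None) -> Dict[str, str]:
    """Hardened scheme: fresh random salt per user plus a slow KDF."""
    salt = secrets.token_bytes(SALT_BYTES) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": derived.hex()}


def verify(password: str, record: Dict[str, str]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), PBKDF2_ITERATIONS)
    return hmac.compare_digest(derived.hex(), record["hash"])


def precomputed_table(candidates: Iterable[str]) -> Dict[str, str]:
    """Digest -> password map built once, independent of any user or salt."""
    return {unsalted_digest(p): p for p in candidates}


def exposed_accounts(stored: Dict[str, str], table: Dict[str, str]) -> List[str]:
    """Users whose stored value appears in the precomputed table."""
    return sorted(user for user, value in stored.items() if value in table)


# Constructed sample data: two users who picked the same password.
SAMPLE_PASSWORDS = {"alice": "Summer2024!", "bob": "Summer2024!"}
COMMON_PASSWORDS = ["123456", "password", "Summer2024!"]


def demo() -> Dict[str, List[str]]:
    """Compare what one precomputed table reveals under each storage scheme."""
    table = precomputed_table(COMMON_PASSWORDS)
    weak_db = {u: unsalted_digest(p) for u, p in SAMPLE_PASSWORDS.items()}
    strong_db = {u: create_record(p)["hash"] for u, p in SAMPLE_PASSWORDS.items()}
    return {"unsalted": exposed_accounts(weak_db, table),
            "salted": exposed_accounts(strong_db, table)}


if __name__ == "__main__":
    print(demo())
```

With a unique salt per account, a table computed once no longer applies to any stored value, so the work has to be repeated for every user.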
CHAPTER 2: LITERATURE REVIEW

2.1 Literature Survey for Problem Identification


A comprehensive literature survey in the field of secure login
authentication systems highlights the ongoing and critical challenges
facing the digital security landscape. Traditional password-based
authentication methods have been extensively studied and are recognized
for their inherent vulnerabilities. These include susceptibility to various
attacks such as brute force, phishing, and dictionary attacks.
Consequently, numerous research efforts have been dedicated to
exploring alternative authentication methods, such as biometrics, two-
factor authentication (2FA), and multi-factor authentication (MFA), all
aimed at improving the overall security of login processes. Additionally,
emerging technologies like behavioral biometrics, blockchain, and
machine learning have shown great potential in bolstering security.
However, despite these advances, issues related to usability, privacy, and
scalability continue to pose significant challenges, highlighting the
pressing need for innovative solutions.
In recent years, the landscape of secure login authentication has
seen a growing emphasis on biometric technologies. Biometrics, which
include fingerprint recognition, facial recognition, and iris scans, offer the
promise of stronger security by using unique physiological and behavioral
traits for authentication. This approach has garnered substantial attention
in the literature, as it provides an additional layer of security beyond
traditional username and password combinations. Researchers have
delved into the development of biometric authentication systems,
addressing issues like accuracy, robustness, and user acceptance.
However, biometrics also raise concerns related to privacy, as they
involve the collection and storage of sensitive personal information.
Balancing the benefits of biometrics with the protection of user privacy
remains an ongoing research challenge.
Furthermore, the literature survey reveals the growing relevance of
two-factor authentication (2FA) and multi-factor authentication (MFA) as
effective strategies for enhancing login security. 2FA and MFA require
users to provide multiple forms of authentication, such as something they
know (a password) and something they have (a mobile device or smart
card). These methods have shown significant promise in thwarting
unauthorized access, especially in high-security applications.
Nevertheless, the implementation of 2FA and MFA should consider the
trade-offs between security and usability, as overly complex systems can
discourage user adoption. This dilemma underscores the need for research
that strikes the right balance between enhanced security and a seamless
user experience, ensuring that login authentication remains both secure
and accessible.
In conclusion, the literature survey underscores the complex and
evolving landscape of secure login authentication systems. While
promising strides have been made in the field, challenges related to
usability, privacy, and scalability persist. The ongoing exploration of
biometrics, 2FA, and MFA, along with the integration of emerging
technologies, offers a path towards more secure login authentication.
However, achieving the delicate balance between robust security and
user-friendliness remains a central problem. As the digital environment
continues to evolve, the importance of innovative solutions for secure
login authentication becomes increasingly clear, calling for continued
research and development in this critical area.
2.2 Two-factor Authentication
Two-factor authentication was introduced a long time ago. It is also known
as two-step verification. Organizations implement this method because it
is easy to implement. They can save the cost of replacing the existing system
and increase the security level by adding a layer of security that protects the
existing authentication system.
The reason two-factor authentication has come into use at many
organizations is the ease of implementing the method. They are not
required to replace the existing system, but simply increase the security level by
adding a layer of security that protects the existing authentication system. The
process requires 2 reliable authentication factors from among something the user
knows, such as an alphanumeric password, something the user has, such as a phone,
and something the user is, such as a unique biological feature (e.g. a fingerprint).
Two-factor authentication is an evolution of single-factor authentication,
which requires only the user's password. However, single-factor authentication
is no longer secure because users tend to have weak, commonly used passwords.
Users also tend to use the same password for multiple accounts. This gives
hackers a chance to succeed in password exploitation. Two-factor
authentication helps by providing an additional layer of security.
In two-factor authentication, the user provides dual means of identification,
one of which is typically a physical token, such as a card, and the other of which is
typically something memorized, such as a security code. The aim of multi-factor
authentication is to make it more difficult for attackers or unauthorized people to
access a target. The mechanism remains secure as long as there is still a barrier to
breach before the target can be accessed.
2.3 One Time Password (OTP)
A one-time password is a password that is valid for only one login session
or transaction, on a computer system or other digital device. The main idea of OTP
authentication is to provide infinite factors and create a different password
every time the user logs in, to improve the security of the system. OTP is
used in conjunction with a token. The token and the corresponding authentication
server share the same algorithm. The algorithm is different for each user's token to
prevent attackers from breaking the algorithm. A number of OTP systems also aim to
ensure that a session cannot easily be intercepted or impersonated without
knowledge of unpredictable data created during the previous session, thus reducing
the attack surface further.
The OTP authentication system is implemented by two main mechanisms.
The first mechanism is the challenge-response mode. The system generates a
challenge for the user when the user logs in. The OTP is generated by combining
the password keyed in by the user with the challenge generated by the system. The
user then needs to key in the OTP to log in successfully.

Figure 2-2 Challenge-response mechanism.

The next mechanism is time synchronization. This mechanism uses
the user's login time to generate the random number. The user can generate
the password by combining it with his passphrase. An OTP is also valid
for only a short period of time.
2.4 Cryptography
Cryptography is the study of how to produce secret messages between
the sender and the receiver. The main goals of cryptography are
authentication, privacy, integrity, non-repudiation and access control.
Encryption is a process that converts a message into unreadable form
using some algorithm. It is one of the processes that apply
cryptography. Encryption is a step that transforms or converts the data into
a random and meaningless message. In other words, it is
a process that converts plaintext into ciphertext.

Figure 2-3 Encryption process flow. (Symmetric and Asymmetric Encryption)

Decryption is the reverse of encryption: it converts
the data back into meaningful form. It is a process that transforms ciphertext
into plaintext.
In order to perform cryptography, a cryptographic algorithm
is needed to act as the mathematical function and steps that perform
encryption and decryption. The purpose of cryptography is to
increase the difficulty for attackers of decrypting the ciphertext without
being given the actual key.
Many sites store passwords in encrypted form in their
database on the server. They use a special key to convert the password
into a random string, which is the ciphertext. A user without the key
will not be able to obtain the password, only a random string. However,
encryption is reversible, so there is a chance of successful decryption by attackers.
CHAPTER 3: PROPOSED METHOD/APPROACH

3.1 Project Role


A secure login authentication system project relies on several critical roles
for its success. The Project Manager provides overall guidance and
resource allocation, the Security Architect designs security measures,
Software Developers create the system, and Quality Assurance Engineers
rigorously test its security and functionality.
This diverse team ensures a robust, user-friendly
system compliant with regulations. Collaboration among these roles is
vital to achieve a secure authentication solution that safeguards user data
and privacy while delivering a seamless login experience.

3.2 Project plan


The project plan for implementing a secure login authentication
system encompasses various critical phases. Initially, the project initiation
phase sets the groundwork by defining objectives, identifying
stakeholders, and establishing a project team. It involves appointing a
Project Manager to oversee the project and establishing a timeline with
key milestones.
In the requirements gathering phase, the project focuses on defining
the system's functional and non-functional requirements, conducting a
risk assessment to identify potential security threats, and ensuring
compliance with relevant data protection regulations and industry
standards.
3.3 System Design

System design theory involves the systematic planning and
structuring of a complex system to achieve specific objectives efficiently
and reliably. It encompasses the identification of system components,
their interactions, and the allocation of functions to these components. By
applying principles of modularity, scalability, and maintainability, system
design theory ensures that a system can adapt to changing requirements
and remain robust. It also emphasizes the use of design patterns and best
practices to create elegant and effective solutions to real-world problems.
This approach is fundamental in various domains, including software
development, engineering, and architecture, to build well-organized and
functional systems.
CHAPTER 4: IMPLEMENTATION DETAILS
4.1 Methodology and Tools
1. Smartphone

The phone is used to generate a random key when its camera is used to
scan the QR code. So, the smartphone used must be able to
download and install a new application and must have a camera that can
be used to scan QR codes.
2. Laptop

The system also requires a server to perform the authentication service.
Instead of using a real server to set up the system, the laptop is used as
a virtual server. The laptop is also used to browse the site built for logging in.
CHAPTER 5: REQUIRED ANALYSIS

5.1 Hardware Requirements:

Sr. No.   Resources          Configuration
1.        Processor          Intel® Core i5
2.        RAM                8GB
3.        Operating System   Windows 11
CHAPTER 6: ADVANTAGES AND DISADVANTAGES

6.1 Advantages
1. User Identity Verification: Secure authentication systems ensure that
users are who they claim to be, preventing unauthorized access to
accounts and data.
2. Data Protection: Strong authentication measures protect sensitive user
data and confidential information from being compromised or stolen by
malicious actors.
3. Reduced Unauthorized Access: A secure authentication system helps
prevent unauthorized individuals from gaining access to user accounts and
systems.
4. Prevention of Identity Theft: Robust authentication methods help
safeguard against identity theft, as they make it much more difficult for
attackers to impersonate legitimate users.
5. Mitigation of Password-Related Risks: Secure authentication systems
reduce the risk of password-related vulnerabilities, such as password
guessing, brute force attacks, and credential stuffing.
6. Improved User Trust: Users are more likely to trust a service or
platform that has a secure authentication system in place, which can
enhance the reputation of the organization.
7. Regulatory Compliance: Many industries and jurisdictions have
specific requirements for data security and authentication. Implementing
a secure authentication system can help organizations meet regulatory
compliance requirements.
8. Single Sign-On (SSO): SSO systems streamline user access by allowing
them to log in once and access multiple services or applications,
improving user experience while maintaining security.
6.2 Disadvantages

1. Usability Challenges: Overly complex authentication methods or
stringent password policies can frustrate users and lead to poor user
experiences. Striking the right balance between security and usability is
crucial.
2. Forgotten Credentials: Strong authentication systems often require
users to create complex passwords or use multi-factor authentication
(MFA). This can increase the likelihood of users forgetting their
credentials and requiring account recovery processes, which can be time-
consuming.
3. Initial Setup Complexity: Implementing and configuring a secure
authentication system can be complex and require expertise, potentially
leading to challenges during the initial setup phase.
4. User Resistance: Users may resist adopting new, more secure
authentication methods, especially if they perceive them as inconvenient
or time-consuming. This resistance can undermine the effectiveness of the
system.
5. Costs: Implementing and maintaining a secure authentication system
can be costly. Costs may include hardware, software, maintenance, and
support, which can be a barrier for some organizations.
6. Phishing Risks: While secure authentication can protect against many
threats, it does not necessarily defend against phishing attacks. Attackers
can still trick users into revealing their credentials or authentication codes
through deceptive means.
7. Account Lockout: Overly aggressive account lockout policies in
response to multiple failed login attempts can lead to legitimate users
being locked out of their accounts due to simple mistakes or forgetfulness.
CHAPTER 7: FUTURE SCOPE

7.1 Future Scope


The future of secure login authentication systems is poised for significant
advancement as technology and cybersecurity concerns continue to shape
the landscape. Emerging trends point toward a future where
authentication methods will be more secure and user-friendly. Biometric
authentication, encompassing facial recognition, fingerprint scans, and
behavioral biometrics, is expected to become more prevalent, offering
heightened security and convenience. The elimination of passwords in
favor of passwordless methods, such as mobile apps, tokens, or
biometrics, is gaining traction. Multi-factor authentication (MFA) will
remain central, evolving to include additional factors like location-based
or device-based authentication. Continuous authentication systems, which
monitor user behavior and trigger re-verification for unusual activities,
will enhance security. Adaptive authentication, blockchain-based
identity, and the Zero Trust model will all contribute to the future of
secure login authentication, with AI and ML playing a significant role in
threat detection. Mobile device-centric authentication, cryptographic
advances, and IoT authentication will be pivotal in securing a more
connected world. Additionally, decentralized identity, influenced by
blockchain and self-sovereign identity principles, will empower users to
control their personal information for authentication. Amid these
advances, user education and compliance with evolving regulations will
be crucial to ensuring the security and privacy of authentication practices.
The future of secure login authentication will be marked by innovation,
adaptability, and a steadfast commitment to safeguarding user identities
and data.
Conclusion

The project has achieved huge success in mitigating
the rainbow table attack: attackers would need to
generate a huge rainbow table to exploit the system. A huge
rainbow table requires a lot of time to generate. Apart
from that, the system also uses 2-factor authentication, where
it requires the actual password and an OTP to grant successful
access to the system. Another huge success is that the OTP
can be generated without a connection to the internet, which helps to
prevent attackers from being able to retrieve the actual password
from the network flow.
Some problems were faced when implementing the
system, as there was a shortage of time to complete and
improve the system. One of the major problems faced was that
the laptop acting as the server of the system developed a
fault. The fault cost time and money to fix,
and time was wasted during the period of fixing.
Some improvements can be made to the system,
such as synchronizing the OTP with time in order to generate the OTP
by selecting characters at random positions of the hashed
password. The login system can also be improved by ensuring that
the user's password is more than 8 characters long and
uses a combination of upper and lower case letters, numbers and
expression.
REFERENCES:
- GeeksforGeeks website
- ChatGPT website
- Google Chrome
