Improving Web Application Security by Virtual Password Authentication

Kamthorn Sarawan

Abstract

Developing a web application that handles valuable information requires authentication using user identifications (IDs) to control system access. An ID may consist of a username and a password. One of the security issues that often occurs is that the ID can be stolen by a malicious user for abusive purposes, which causes damage to the ID owner. Today, many techniques and methods have been presented to prevent such theft. One of them is the use of a virtual password. The researcher has proposed a new strategy to enhance system security based on the principle of the virtual password: a virtual character set is created and randomly matched to the real character set, and the resulting output is sent to the server for verification of system-access rights. The researcher tested the proposed strategy by developing a PHP-language system and analyzing its security. The findings revealed that the system was secure and was able to protect itself from various threats, namely sniffing, phishing, key-loggers, and shoulder-surfing. Finally, the performance of the proposed strategy was evaluated and compared against the traditional system. The comparison indicated that the proposed strategy is suitable for use on small to medium systems.
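The scheme the abstract describes, as an added Python example that is not the paper's PHP implementation: the server issues a fresh random mapping from the real character set to a virtual one for each session, the client sends only virtual characters, and the server inverts the session mapping before checking the stored password hash. The character set, the use of a random permutation as the mapping, and the salted PBKDF2 storage are assumptions, since the page gives no implementation detail.

```python
import hashlib
import hmac
import secrets
import string

# Assumed real character set; the paper's actual set and mapping rule are not given on this page.
REAL_CHARSET = string.ascii_letters + string.digits
PBKDF2_ROUNDS = 100_000


def new_session_mapping():
    """Server: a fresh random one-to-one map real -> virtual character, valid for one session."""
    virtual = list(REAL_CHARSET)
    for i in range(len(virtual) - 1, 0, -1):  # Fisher-Yates shuffle driven by the CSPRNG
        j = secrets.randbelow(i + 1)
        virtual[i], virtual[j] = virtual[j], virtual[i]
    return dict(zip(REAL_CHARSET, virtual))


def to_virtual(real_password, mapping):
    """Client: only virtual characters leave the browser (or reach a key-logger)."""
    return "".join(mapping[c] for c in real_password)


def store_password(real_password):
    """Registration: the server keeps a salted PBKDF2 hash of the real password, never a mapping."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", real_password.encode(), salt, PBKDF2_ROUNDS)


def verify(virtual_password, mapping, salt, stored_digest):
    """Server: invert this session's mapping, then compare hashes in constant time."""
    inverse = {v: r for r, v in mapping.items()}
    try:
        real = "".join(inverse[c] for c in virtual_password)
    except KeyError:  # a character outside the virtual set can never be valid
        return False
    digest = hashlib.pbkdf2_hmac("sha256", real.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, stored_digest)


def demo(real_password="S3cretPw"):
    """Returns (login_ok, replay_ok, sniffer_saw_real) for one honest login and one replay."""
    salt, digest = store_password(real_password)
    session1 = new_session_mapping()
    sent = to_virtual(real_password, session1)        # what a sniffer or key-logger captures
    login_ok = verify(sent, session1, salt, digest)
    session2 = new_session_mapping()                   # the next login gets a new mapping ...
    replay_ok = verify(sent, session2, salt, digest)   # ... so the captured string is useless
    return login_ok, replay_ok, sent == real_password


if __name__ == "__main__":
    print(demo())
```

A captured virtual string is bound to the session mapping that produced it, which is the property behind the sniffing and key-logger claims; resistance to shoulder-surfing depends on how the virtual set is presented to the user, which this example does not model.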


Article Details

Section
Research Article
