Abstract: Authentication to a user's account for access to online web services is achieved using passwords. These passwords are prone to guessing attacks, namely brute force and dictionary attacks. A password guessing attack is a method of gaining unauthorized access to one's computer system. Online guessing of passwords is commonly observed in web-based applications where users log in a number of times to access the details. Online password guessing attacks are widespread, which reduces convenience for legitimate users. Different types of Turing tests are used to protect legitimate users from such attacks, at the cost of some inconvenience to valid users. On the other hand, users generally prefer common and easy passwords, which are weak and make online guessing attacks much easier. The modified password guessing resistant protocol overcomes these online guessing attacks, mainly brute force and dictionary attacks. This is achieved by limiting the number of attempts made during login. The aim of this paper is to provide convenient and secure login to legitimate users by blocking the IP address from which a high number of failed login attempts originate.

Keywords: Online Password Guessing Attacks, Brute Force Attacks, Dictionary Attack, PGRP, ATTs.
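
The mechanism the abstract names (limit login attempts, then block the source IP once its failures pile up) can be sketched as follows. This is an added example, not code from the paper: the threshold, counting window, block duration, class and function names, and the event list are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values; the abstract does not give a threshold or durations.
MAX_FAILED = 3        # failed logins tolerated per IP inside WINDOW
WINDOW = 300          # seconds over which failures are counted
BLOCK_FOR = 900       # seconds an IP stays blocked once it hits the limit

class IpLoginLimiter:
    """Tracks failed logins per source IP and blocks IPs that exceed the limit."""

    def __init__(self, max_failed=MAX_FAILED, window=WINDOW, block_for=BLOCK_FOR):
        self.max_failed, self.window, self.block_for = max_failed, window, block_for
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def handle(self, ip, password_ok, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"                 # refused regardless of the password
        if password_ok:
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_failed:
            self.blocked_until[ip] = now + self.block_for
            recent.clear()
        return "failed"

# Constructed events: (time in seconds, source IP, did the password match?)
EVENTS = [
    (0, "198.51.100.7", False), (2, "198.51.100.7", False),
    (3, "203.0.113.20", False),              # legitimate user mistypes once
    (4, "198.51.100.7", False),              # third failure: this IP is now blocked
    (5, "198.51.100.7", True),               # correct guess arrives while blocked
    (9, "203.0.113.20", True),               # legitimate user logs in
    (1000, "198.51.100.7", False),           # block has expired, counting restarts
]

def replay(events):
    limiter = IpLoginLimiter()
    return [limiter.handle(ip, ok, t) for t, ip, ok in events]

if __name__ == "__main__":
    print(replay(EVENTS))
```

The blocked branch runs before the password result is considered, so a blocked address learns nothing about whether a guess was correct.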