A session password is a password uniquely generated for every session. The scheme allows the system to automatically generate a session password each time the user logs in. The session password is generated randomly based on the randomly generated grid. The grid is used as a medium for password generation. While registration the user must normally enter his username and password while registering into the system. Now the system stores this password and uses it to generate a unique session password while user logs in the next time. This session based authentication system uses the user password and compares alphabets contained alongside a 6*6 grid with letters a-z and numbers 0-9. The user needs to know the original password and the generation scheme to enter the exact password.
Consider the following example for password generation Scheme:
- Suppose user registers with password c3g9mx.
- Now we break the string as |c3| |g9| |mx|
- Next step would be to find the element in grid with row of c and column of 9. So that would be f
- Similarly the session password for c3g9mx would be flr
- The next time user logs in the grid elements are reordered in a random order.
- So a new session password is generated based on the grid arrangement.