J. Appl. Environ. Biol. Sci., 4(9S)298-302, 2014
© 2014, TextRoad Publication
ISSN: 2090-4274
Journal of Applied Environmental and Biological Sciences
www.textroad.com

Efficient Position Based Operation Code Authentication

Hashim Ali, Sheheryar Khan and Shazia Tabassum
Department of Computer Science, Abdul Wali Khan University Mardan, KPK, Pakistan

* Corresponding Author: Hashim Ali, Department of Computer Science, Abdul Wali Khan University Mardan, KPK, Pakistan. hashimali@awkum.edu.pk

Received: September 12, 2014
Accepted: November 23, 2014

ABSTRACT

Security for applications has always been a keen concern. In general, security means granting access to authorized users and denying non-authorized access to the system. Shoulder surfing is an observation technique used to hack an account or to enter a system: a malicious observer captures or records the fingers of a user while he is entering sensitive inputs (PIN, passwords etc.) and might thereby be able to observe the user's password credentials. It is very difficult for a novice user to protect himself from shoulder surfing or an unaided observer in a public place while accessing his account. In order to secure the user account, there are five factors of authentication: i. "Rather you have", ii. "Rather you are", iii. "Rather you know", iv. "Somebody you know" and v. "Rather you process". A technique has been developed for the fifth factor of authentication, "Rather you process", to provide a novel approach to the user. In this paper, we have applied position based operational code authentication in such a way as to make it easier and more user friendly for the user.

KEYWORDS: shoulder surfing; malicious observer; sensitive inputs; authentication.

1 INTRODUCTION

In recent days, the IT world provides a lot of services to secure applications, especially for those where we need a conventional and easy technique. Traditionally, a password is an appropriate and easy mechanism in a computer's security system.
Unfortunately, this method is vulnerable to spyware and key-loggers [1]. A Password Authenticated Key agreement method is an interactive method to establish cryptographic keys based on the knowledge that one or more parties have of a password [2]. The system only needs the user to present something he knows as evidence that he is actually who he claims to be. A password is easy to put into practice, but at the same time the password methodology is subject to a number of security threats. Shoulder attacks and brute force attacks are public security hazards through which a genuine user can lose his sensitive information (PIN, password etc.). Users tend to choose simple and easy to remember passwords as opposed to strong alphanumeric passwords, which weakens their account security [3]. For example, a user may take the first letters of the words of a sentence, phrase or proverb: from "my name is Sheheryar Khan" the password will be mnisk. In some cases the passwords used are only numeric, e.g. a PIN (personal identification number) or briefcase numbers. Sometimes people use short and easy passwords so that they can remember and type them easily. The password remains the most common feature of computer security. To know how strong a password is, one should analyze how well it can resist the different attack techniques applied by hackers, such as guessing attacks, shoulder attacks and brute force attacks. Password strength depends upon three main factors, i.e. complexity, randomness and length. As online services increase, the user needs a secure way to avail himself of them. Identification of a legitimate user is the demand of the computing society.

Well, the term "security" has lots of meanings. There are certain places where security needs to be addressed according to the demands of the organization. Some of them are listed below:

A. Workplace Security

Nowadays, almost every individual works under conditions that are rather hazardous for health: computers that influence eyesight, poor light, etc.
All this may be discussed in workplace security research papers.

B. Business Security

What laws protect businessmen? What documents should be signed to start your own business? What requirements should be met?