In real life, many scenarios require password verification to authenticate a user. For example, when the user logs into a website, makes a payment at a shopping mall, or withdraws cash at a bank or an automatic teller machine (ATM), the user needs to register at the website or open an account at a bank. When registering or opening the account, the user needs to set a user name and a password to facilitate shopping via an online bank or use a bank card to withdraw cash at the bank or the ATM.
Existing systems of the website or the bank require the user to input a complete account number and password and match the account number and password provided by the terminal with its stored account number and password. When the account number and password provided by the terminal match the stored account number and password, the existing systems determine that the current terminal successfully logs into the account and allows the current terminal to further visit data that is open to the user according to a privilege of the account. However, there are certain security risks of the existing systems. For example, when the account name of the website or the bank account number of the user is obtained by a hacker, the hacker may use password decryption software to continuously send a login request to a server of the website. Each login request may use a different password such that the password of the user is decrypted by traversing. As the current website does not require the password changes for each input, the existing password is easily decrypted. Once the password is decrypted, a pre-deposit amount of the user at the website may be appropriated or the account and password of the user at the online bank is leaked, thereby causing the hacker to transfer the user's asset.