With the development of Internet technology, networking utilization becomes more and more popular, such as online banking, online trading, virtual private network (VPN), etc. These kinds of networking utilization involve some sensitive information (e.g., financial or social data associated with a user), which requires high security. For example, a user may request identity authentication to conduct transactions online.
The conventional technology for protect user information is mainly implemented using multiple processes of authentication, such as a license authentication, an email authentication, etc. However, the authentication certificate has problems. For example, a license has to be installed and therefore is limited to be used on the computer that is currently being used. Moreover, the email authentication has a risk that an account for authentication can be stolen.
With the increasing complexity of scenarios, implementation of dynamic passwords (e.g., One Time Password as a dynamic password (OTP)) are gradually gaining favor. For example, hardware products, such as “e-payment security service of Alipay” and “e-payment security service of NetEase,” are widely used. These hardware products are easy to carry, have high security, and are easy to use. However, these hardware products are also easy to lose as well as expensive, and have limited time period for the usage.
A dynamic password product of a mobile device (e.g., a mobile phone, a tablet computer, etc.) is a user terminal software for a mobile device, and can be used to generate a dynamic password. During a process of password generation, there is not any communication required for the mobile device; so the password would not be intercepted in a communicating channel, and the process is not affected if the mobile device is in arrear or fails to receive signals. Since the dynamic password product of a mobile device has many advantages (e.g., high security, low-cost, no need to extra carry, no business distributing process required, etc.), it is gradually becoming a mainstream product of mobile communicating password authenticating.
A dynamic password product of a mobile device is implemented by displaying a dynamic password according to a time section. The product also ensures that the mobile device terminal and the server terminal are both using the same algorithm that is calculating to obtain the same numbers or the same alphabets. In general, techniques for password authentication cause a dynamic password product of a mobile device to display a password in the form of numbers or letters on a mobile device, allow a user to enter the password in a user terminal, and then facilitate the user terminal to execute password authentication. The techniques also may compare the password entered and the password retrieved from a server terminal to thus determine whether the user is authorized to access the information.
Since the password is in form of numbers or letters, the authentication process is inevitably executed after the numbers or the letters are entered into an input field(s). Therefore, a phishing site or a fake user terminal is able to produce a false password easily. In other words, the conventional authentication process has a high risk of being cheated by a malicious side, and therefore leads to low online security.
In summary, there is an urgent need for a person skilled in the art to solve the technical problem regarding how to improve the password authentication.