Improving Security of E- Commerce application by using Multifactor Authentication

All e-commerce environments require support for security properties such as authentication, authorization, data confidentiality, and non -repudiation. The most common method of authentication or protection against intrusion in a computer system is to use alphanumeric usernames and password. Choosing a strong password and protecting the chosen password has always been a popular topic among security researchers. Studies reveal that users today have on an average approximately 15 passwords – protected accounts. One password may be easy to remember, but handling many passwords is time-consuming task and a security hazard. Every forgotten or lost password results in significant cost. Passwords are not secured at all as they can be guess they can be stolen. To overcome weakness of passwords we need stronger authentication solutions. Till date many techniques are proposed for protecting the passwords and tried to eliminate password hacking problem. Many biometric authentications have been proposed; however, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. In this paper, we present and evaluate our contribution, on the multifactor authentication technique. We tried to enhance the security by using multifactor authentication. In which two three factors are taken in to consideration what the requestor knows i.e. password, challenge response and what the owner has i.e. USB token. General Terms Web Application Security