MAY 24, 2022

UNIVERSITY OF SCIENCE AND TECHNOLOGY
SANA’A, YEMEN

TWO LEVEL IMAGE PASSWORD AUTHENTICATION

Prepared by the students:
عبدالرزاق عبدالفتاح حسين الحمري
عبدالله عبدالمغني ياسين الأديمي
احمد حسن عمر الشيخ

Supervised by Dr.:
صادق الطويل

Abstract

User authentication is very important for computer security, especially given the rapid growth of the mobile Internet. There are many types of user authentication systems, but the most common relies on alphanumeric usernames and passwords, which have significant drawbacks. The main problem with these systems is that users are unwilling to remember long, difficult combinations of numbers, letters, and symbols, and such passwords can be easily stolen, lost, forged, or forgotten because human memory is limited. Users also tend to choose weak passwords that are vulnerable to attacks such as brute-force and dictionary attacks. Face recognition passwords are therefore an alternative to text-based passwords and have the potential to be superior to them, because passwords are necessary and play an important role in modern society.
The face recognition protocol prevents eavesdropping by hackers because the password is not sent over an insecure channel such as the Internet. These two-level passwords, face and text authentication, are difficult to steal or copy.
Table of Contents

Abstract
Chapter 1
Introduction
1.1 Overview
1.2 Problem Statement
1.3 Objectives
1.4 Scope
1.5 Importance of The Study
1.6 Tools of The Study
1.6.1 Hardware
1.6.2 Software
1.7 Task Scheduling of The Study
1.8 Organization of The Study
Chapter 2
Literature Review
2.1 Introduction
2.2 Background
2.3 Literature Review
2.3.1 Security Analysis and implementation of 2-level security system using Image Based authentication
2.3.2 Implementation of security system by using 2-level authentication
2.3.3 Two Level Password Authentication System
2.4 Limitations of The Literature Review
2.5 Proposed Method
2.6 Previous Research Review
2.7 Chapter Summary
Chapter 3
Methodology
3.1 Introduction
3.2 Textual Password Authentication (Level 1)
3.3 Pattern Password Authentication (Level 2)
3.5 Logical Model
3.5.1 Flowchart
3.5.1.1 Registration Process Flowchart
3.5.1.2 Login Process Flowchart
3.5.2 Activity Diagram
3.5.3 Use Case Diagram
3.5.3.1 Use Case Specification
3.6 Chapter Summary
Chapter 4
Implementation
4.1 Introduction
4.2 User Interface
4.3 Implementation of two-level passwords
4.4 Design Interface
4.4.1 Homepage Interface
4.4.2 Register Interface
4.4.3 Login Interface
4.5 Test Case
4.5.1 User Register
4.5.2 User Login
4.6 Summary
Chapter 5
Conclusion
5.1 Introduction
5.2 Future Work
5.3 Summary
References
APPENDIX

CHAPTER 1

INTRODUCTION

1.1 Overview

Security is the degree of protection that safeguards a nation, union of states, persons or a person against danger, damage, loss, and crime. As a form of protection, security consists of the structures and processes that provide or improve security as a condition. Security has to be compared with related concepts: safety, continuity, and responsibility. Today, providing security is considered a major problem in several areas, including internet banking and other areas where a high level of security is needed to preserve the confidentiality of users’ data. Using static passwords alone makes it easy for hackers to break into users’ accounts [1]. Authentication and security are therefore interrelated terms. Authentication is the act of confirming the correctness of an attribute of a distinct piece of data (datum) or entity; it is the process of confirming identity, and it often involves verifying the legitimacy of at least one form of identification. Security is the capability of a system to protect information and system resources with respect to confidentiality and integrity. The two-level security system aims to guarantee more security through its two levels: text password and face recognition.

1.2 Problem Statement

Password-based authentication is one of the simplest and most common authentication mechanisms used to ensure security. Nevertheless, people prefer to create short and simple passwords that are easy to recognize. These passwords are easy to predict and can cause great harm to users and their data, which may be stolen or deleted. In addition, conventional authentication such as passwords is not well suited to users, who must remember long, difficult combinations of numbers, letters, and symbols that can be easily copied or guessed. Also, users are prohibited from including numbers or special characters in their passwords because some policies make passwords difficult to remember. Finally, password theft can occur on a daily basis because the password is not secure and can easily allow attackers to steal or hack data, which reduces the security level of a system. Therefore, users should choose a secure password that combines letters, numbers, and symbols and is both secure and easy to remember [1].

1.3 Objectives

The aim of this study is to make two-level authentication effective and efficient in order to strengthen the security system. The objectives are:

1. To design an implementation of password authentication that gives the highest security in authenticating users.
2. To implement an application/system that is more user friendly.
3. To test and evaluate the authentication scheme in preventing unauthorized access.

1.4 Scope

The main focus of this project is to implement a security system using two-level password authentication, which involves the user and the system. The scope therefore covers both the user scope and the system scope.

For the user scope, the user is able to register with the application as a user and to provide the data required by the registration form. The data is collected when the user completes registration. This system is aimed at a firm, industry or institute where it will be accessible only to people holding higher designations, who need to store and keep crucial and confidential data secure.

The system scope uses two existing schemes: text-based passwords and face recognition passwords. Users need to enter the correct password at the previous level before continuing to the next level, which helps to improve the security level of authentication.

1.5 Importance of The Study

Authentication is any protocol or process that permits one entity to establish the identity of another entity. Nowadays, passwords are the most widely used means to verify and authenticate users. For instance, an online banking system needs a high security level to secure users’ accounts and protect their assets and personal data from malicious hands. One of the methods to secure a system is to use a password. A password is a secret word or phrase created by the user to ensure that unauthorized users cannot access the restricted resource.

1.6 Tools of The Study

1.6.1 Hardware

Table (1-1) Hardware Used.

Hardware        Description                 Purpose of use
3 laptops       Toshiba, Huawei & Lenovo    Implementation
2 processors    Core i5 & Core i7           Implementation
Hard disk       10GB                        Implementation
Memory          5GB                         Implementation

1.6.2 Software

Table (1-2) Software Used

Software       Description               Purpose of use
Application    Microsoft used            Documentation
               PowerPoint                Presentation
               SAP PowerDesigner         Modeling
               Visual Studio Code        Designing & programming
               Mongo database            Database design
Language       JavaScript, HTML5, CSS    Programming

1.7 Task Scheduling of The Study

Task Name                                        Duration  Start         Finish        Predecessors  Resource Names    Actual Cost
Two level Password Authentication documentation  20 days   Sun 12/12/21  Wed 1/12/22   -             -                 $1.00
Introduction                                     7 days    Sun 12/12/21  Wed 12/22/21  -             Cost[$1.00]       $1.00
Overview                                         1 day     Sun 12/12/21  Mon 12/13/21  -             أحمد الشيخ        $0.00
Problem Statement                                1 day     Mon 12/13/21  Tue 12/14/21  3             أحمد الشيخ        $0.00
Objectives                                       1 day     Tue 12/14/21  Wed 12/15/21  4             أحمد الشيخ        $0.00
Scope of the study                               2 days    Sun 12/12/21  Tue 12/14/21  -             عبدالله الأديمي   $0.00
Importance of the study                          2 days    Tue 12/14/21  Sat 12/18/21  6             عبدالله الأديمي   $0.00
Tools of the Study                               3 days    Sat 12/18/21  Wed 12/22/21  -             -                 $0.00
Hardware                                         2 days    Sat 12/18/21  Tue 12/21/21  7             عبدالله الأديمي   $0.00
Software                                         1 day     Tue 12/21/21  Wed 12/22/21  9             عبدالله الأديمي   $0.00
Organization of the study                        2 days    Sun 12/12/21  Tue 12/14/21  -             عبدالرزاق الحمري  $0.00
Milestone                                        0 days    Tue 12/14/21  Tue 12/14/21  11            -                 $0.00
Background and literature review                 5 days    Wed 12/22/21  Thu 12/30/21  -             -                 $0.00
Introduction                                     1 day     Wed 12/22/21  Sat 12/25/21  10            أحمد الشيخ        $0.00
Background                                       2 days    Sat 12/25/21  Mon 12/27/21  14            أحمد الشيخ        $0.00
Literature review                                3 days    Wed 12/22/21  Mon 12/27/21  10            عبدالرزاق الحمري  $0.00
Limitation of LR                                 2 days    Tue 12/28/21  Thu 12/30/21  16            عبدالرزاق الحمري  $0.00
Proposed method                                  4 days    Wed 12/22/21  Wed 12/29/21  10            عبدالله الأديمي   $0.00
Summary                                          1 day     Wed 12/29/21  Thu 12/30/21  18            عبدالله الأديمي   $0.00
Milestone                                        0 days    Thu 12/30/21  Thu 12/30/21  19            -                 $0.00
Methodology                                      8 days    Sat 1/1/22    Wed 1/12/22   -             -                 $0.00
Introduction                                     2 days    Sat 1/1/22    Mon 1/3/22    19            عبدالله الأديمي   $0.00
The two-level structure                          3 days    Sat 1/1/22    Tue 1/4/22    19            أحمد الشيخ        $0.00
Types of passwords                               5 days    Mon 1/3/22    Tue 1/11/22   -             -                 $0.00
Textual password                                 2 days    Mon 1/3/22    Thu 1/6/22    19,22         عبدالله الأديمي   $0.00
Face recognition password                        2 days    Thu 1/6/22    Mon 1/10/22   25            أحمد الشيخ        $0.00
Summary                                          1 day     Tue 1/11/22   Wed 1/12/22   27            عبدالرزاق الحمري  $0.00
Milestone                                        0 days    Wed 1/12/22   Wed 1/12/22   28            -                 $0.00
Implementation                                   -         -             -             -             -                 -
Introduction                                     1 day     Sat 5/21/22   Sun 6/22/22   -             أحمد الشيخ        -
User Interface                                   1 day     Sat 5/21/22   Sun 6/22/22   -             عبدالرزاق الحمري  -
Implementation of Two-level password             1 day     Sat 5/21/22   Sun 6/22/22   -             عبدالله الأديمي   -
Design Interface                                 1 day     Sat 5/21/22   Sun 6/22/22   -             أحمد الشيخ        -
Test Case                                        1 day     Sat 5/21/22   Sun 6/22/22   -             عبدالله الأديمي   -
Milestone                                        0 day     Sat 5/21/22   Sun 6/22/22   -             -                 -

1.8 Organization of The Study

This section describes the organization of the study and the arrangement of the chapters and topics covered during the study.
Chapter 1
This chapter contains the overview, the problem description, the main objectives of the study, the scope and the schedule plan.
Chapter 2
Background of the study and literature review.
Chapter 3
The methodology of the study.

Chapter 4
Implementation and testing the program.
Chapter 5
Conclusion and future work.

CHAPTER 2

Literature Review

2.1 Introduction
This chapter presents the theoretical background of the study, the literature review and the limitations of the literature review, and lastly the proposed method of our study.

2.2 Background

Authentication is any protocol or procedure that allows one entity to establish the identity of another entity. Nowadays, passwords are widely used to verify and authenticate users. For example, in online banking systems it is important to have a high level of security to secure users' accounts and protect their assets and personal information from malicious hands. One of the methods to secure the system is to use a password. The password is a secret word or phrase that is created by the user to ensure that unauthorized users cannot access the restricted resources. At the same time, it is well known that there is a tension between the security and usability of passwords. Strong passwords are often hard to remember and therefore less usable, while passwords that can be remembered are more predictable. For an authentication system to be practical, two-step authentication is generally developed to provide additional security [5].
Many systems have been proposed, but they still have their weaknesses. Two-step authentication here is a combination of two existing methods, a text-based password and a face recognition password, to provide better protection. The traditional method is the text-based password. These passwords are strings of letters and numbers. With this technique, the password is usually short and easily predicted by the wrong hands, which easily leads to unwanted activities. Therefore, to increase the security of a system, two-step authentication is suggested to make the security as high as possible.

2.3 Literature Review

2.3.1 Security Analysis and implementation of 2-level security system using Image based authentication
SURABHI ANAND, PRIYA JAIN, NITIN and RAVI RASTOGI
Jaypee University of Information Technology, INDIA
Increasing security has always been an issue since Internet and Web Development came into existence. Text-based passwords are not enough to counter such problems, and they are also an anachronistic approach now. This demands something more secure as well as more user-friendly. Therefore, we have tried to increase the security by involving a 3-level security approach, involving text-based password at Level 1, Image Based Authentication at Level 2, and automated generated one-time password (received through an automated email to the authentic user) at Level 3. An assiduous effort has been made to thwart Shoulder attack, Tempest attack, and Brute-force attack at the client. This system will definitely help in thwarting Shoulder attack, Tempest attack and brute-force attack at the client side. The 3-Level Security system is definitely a time-consuming approach, as the user has to traverse through the two levels of security, and will need to refer to his email-id for the one-time automated generated password. Therefore, this system cannot be a suitable solution for general security purposes, where time complexity will be an issue. But it will definitely be a boon in areas where high security is the main issue and time complexity is secondary; as an example, we can take the case of a firm where this system will be accessible only to some higher designation holding people, who need to store and maintain their crucial and confidential data secure [2].

2.3.2 Implementation of security system by using 3-level authentication
SALIKKA A/P EH TIP, May 2017
University of Sultan Zainal Abidin, Terengganu, Malaysia
We know that computer security mostly depends on passwords to verify and authenticate users. Many authentication schemes have been proposed, and most of them still have weaknesses. Some of them are based on the physical and behavioral properties of the user, such as voice recognition, and others are based on the knowledge of the user, such as textual and graphical passwords. However, these schemes are still not secure enough and allow attackers to steal data easily. Moreover, users often use simple passwords that attackers can guess easily. Therefore, secure and user-friendly authentication schemes are needed to overcome this problem. In this paper, I present a 3-level password authentication scheme to overcome the problem. The two different levels used in the 3-level password authentication scheme are text password, pattern-based password and one-time password (OTP).
Based on the research, providing a 3-level authentication password scheme is better than single-factor authentication because the user needs to pass through the 3 levels to authenticate successfully.
It will certainly be a great enhancement, especially in areas where high security is the main issue and time complexity is secondary, for instance the application of this system at a firm, industry or institute where it will be accessible only to some higher designation holding people, who need to store and maintain the crucial and confidential data secure [1].

2.3.3 THREE LEVEL PASSWORD AUTHENTICATION SYSTEM
RAHUL CHOURASIA and DR. N.PARTHEEBAN
Galgotias University, INDIA

In spite of the many efforts made nowadays, security threats can still be seen everywhere. From the start we have been using just single-level password authentication factors, which are not sufficient to give more security.
In order to be more secure, we can think of a Three Level Password Authentication System. So, this is an idea to implement three-level password authentication for true users; in short, it implements three levels of security. The first-level password consists of a simple text-based password, and this effort is taken to resist shoulder surfing attacks through the text password. The color combination password, in which there are basically three colors, red, green and blue (RGB), and the user can set different combinations of colors of their choice just by clicking on those colors, forms the second level of authentication. The third level uses a picture password: the user first has to select an image in jpg format to use as a password and can then set the password by clicking on the image in different places. These three levels of password help in securing the resources from unauthorized use.
The three-level security approach applied to a system makes it highly secure while also being more user-friendly. This system will help thwart shoulder attack, Tempest attack and brute-force attack at the client side. The 3-Level Security system is certainly a time-consuming approach, as the user needs to pass through the three levels of security and has to refer to his email-id for the one-time automatically generated password. Therefore, this system cannot be a suitable solution for general security purposes, where time complexity will be an issue. It will, however, be a boon in areas where high security is the main issue and time complexity is secondary; for instance, we can take the case of a firm where this system will be accessible only to some higher designation holding people, who need to store and maintain their crucial and confidential data secure. In the not-so-distant future we will add more features and make our system customizable. The world is being automated and all offices and institutions are being computerized, so the use of and need for this software will not decrease. Additionally, people always like to see all work becoming more secure, and this project does that [4].

2.4 Limitations of Literature Review

- Graphical passwords take some time to be recognized and to be remembered by the user.
- There are three authentication scenarios; if the user accidentally forgets the password, it cannot be retrieved.

2.5 Proposed Method

The approach of our project is to build a strong and reliable authentication system to guarantee that the user has the best protection for his applications and/or files and a secure user account and information.
This research paper explains the systematic process of our 2-Level-image-Authentication program for securing users' accounts and protecting their assets and personal information. We aim to increase the effectiveness of the two-level authentication system to improve the security system.
Our system involves a text-based password, a secret word or phrase that is created by the user to ensure that unauthorized users cannot access the restricted resources, and a face recognition password to provide better protection and ease of use.

2.6 Previous Research Review

In the first study of the literature review, one of the levels of authentication was an automatically generated one-time password, which means that this type of authentication needs an internet connection for the user to access his/her assets. This is a strong authentication method, but it can also be a restriction for the user. In our system we managed to provide two levels of strong authentication without the need for an internet connection, to make it friendlier and easier to use in any conditions.

2.7 Chapter Summary

This chapter provides an overview of the concept of the system. It presents the literature review and the review of previous research, which is one of the important parts of research and lets us know whether the idea has been studied before or not.

CHAPTER 3

Methodology

3.1 Introduction

This chapter presents the methodology of the study, which includes the two-level password authentication, the use case and activity diagrams, and the flowcharts of the study, and lastly the exceptions of the study that might go wrong.

3.2 Textual Password Authentication (Level 1)

The first level or technique in the study is text-based authentication. This technique is very common in any computer system because it is easy for any user to use and because of its cost effectiveness, simplicity, and familiarity to users.

A textual password is considered a memo metrics mechanism that contains alphanumeric and/or special keyboard characters and is used as a shared secret to authenticate to systems.

A password is a secret word or phrase, with numbers or special characters, that gives users access to resources such as the internet, programs, files, messages, etc.

All of this is to ensure that unauthorized people cannot access the resources of users’ accounts.

That is why passwords should not be easy for someone to guess, and why users need strong, secure protection from attackers.

At level 1, users need to register a user ID/username and text password in the system. As stated before, the password can contain digits, letters and any special characters that make sure it is strong.
To log in, users have to re-enter the information that was entered in the registration process, which is discussed later.

There are some things that users should consider when they fill in the password:
1. The password should be at least 8 characters long.
2. The password should not be easy to relate to the user.
3. The password cannot be a word that can be found in a dictionary or public dictionary.
4. It is recommended that users combine upper- and lower-case letters and digits.
When choosing a password, we also recommend the following strategy to users for making a strong and secure password:
1. Think of a memorable sentence or phrase containing at least seven or eight words.
2. Select a letter, number, or special character to represent each word in your password (the common method is to use the first letter of every word).
3. Ideally, the password should contain a mixture of lower-case and upper-case letters, numbers, punctuation, and special characters (such as & or $).
4. Remember the phrase.
Lastly, the steps of the first level of our study are:
Step 1: The user submits ID and password to the server through a secure channel.
Step 2: If the user is a new user, he fills in the form and gives all his details to the system in the registration process.
Step 3: The server checks whether the password is correct; if not, it displays "incorrect password".
Step 4: If the password is correct, the system shows a successful login and directs the user to the second level.
Step 5: If the password is incorrect, the user should go to “Forget Password”. Security questions are then asked to verify whether he/she is the owner of the account; if so, the system sends a code to the user’s email. After entering the code, the user must enter a new password.
Figure (3.1) below clarifies the first level authentication.

Figure (3.1) Textual Password
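
The four password rules and the phrase strategy above can be checked in code. The following is an added example, not the project's code; the function names, the small word list and the sample user are constructed for illustration.

```javascript
// Added example (not from the project): checks a candidate password against
// the four Level 1 rules and applies the first-letter phrase strategy.

// Constructed stand-in for a real dictionary / common-password list.
const SAMPLE_DICTIONARY = new Set([
  "password", "welcome", "sunshine", "football", "computer", "security",
]);

// Common substitutions to undo, so "P@ssw0rd" is still treated as "password".
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
               "@": "a", "$": "s", "!": "i" };

// Lower-cased variants of the password to compare against word lists.
function comparableForms(password) {
  const lower = password.toLowerCase();
  const trimmed = lower.replace(/^[^a-z]+|[^a-z]+$/g, ""); // drop "123", "!!" at the ends
  const deleet = (s) => s.replace(/[013457@$!]/g, (ch) => LEET[ch]);
  return [lower, trimmed, deleet(lower), deleet(trimmed)];
}

// Tokens that tie a password to its owner: username and e-mail local part.
function userTokens(user) {
  return [user.username, (user.email || "").split("@")[0]]
    .filter(Boolean)
    .flatMap((s) => s.toLowerCase().split(/[^a-z0-9]+/))
    .filter((t) => t.length >= 3);
}

function checkPassword(password, user) {
  const failed = []; // rules 1-3: reject the password
  const advice = []; // rule 4: stated in the text as a recommendation
  const forms = comparableForms(password);
  const tokens = userTokens(user);

  if (password.length < 8) failed.push("too-short");
  if (forms.some((f) => tokens.some((t) => f.includes(t)))) failed.push("related-to-user");
  if (forms.some((f) => SAMPLE_DICTIONARY.has(f))) failed.push("dictionary-word");
  if (!(/[a-z]/.test(password) && /[A-Z]/.test(password) && /[0-9]/.test(password))) {
    advice.push("mix-upper-lower-digits");
  }
  return { ok: failed.length === 0, failed, advice };
}

// Strategy from the text: one character per word of a memorable sentence
// (here the first character), using at least seven words.
function phraseToPassword(sentence) {
  const words = sentence.trim().split(/\s+/);
  if (words.length < 7) throw new Error("use a sentence of at least seven words");
  return words.map((w) => w[0]).join("");
}

// Constructed sample user and inputs.
const sampleUser = { username: "salma.k", email: "salma.kareem@example.com" };
const samples = [
  "P@ssw0rd1",
  "Salma2022x",
  phraseToPassword("My sister Lina moved to Aden in 2019 & stayed"),
];
for (const candidate of samples) {
  console.log(candidate, JSON.stringify(checkPassword(candidate, sampleUser)));
}
```

The check belongs on the server at registration and password reset; browser-side validation alone can be bypassed.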

3.3 Face Recognition Password Authentication (Level 2)


Like all biometric solutions, face recognition technology measures and matches unique characteristics for the purposes of identification or authentication. Often using a digital or connected camera, facial recognition software can detect faces in images, quantify their features, and then match them against stored templates in a database. There are some important constraints on using face recognition, such as ageing, long hair, etc. Different vendors are working on resolving these issues. 3D face recognition solves some of the above issues. Using 3D images, the actual three-dimensional form of the face is evaluated; this is not affected by lighting and does not change with ageing. Different viewing angles can also be compared better when using 3D images, as shown in Figure (3.2).
Most of the services that provide facial recognition are online, paid services; what we are trying to do is build our own offline service.

Figure (3.2) Face Password

3.5 Logical Model

3.5.1 Flowchart
3.5.1.1 Registration Process Flowchart

Figure (3.3) Registration Flowchart

3.5.1.2 Login Process Flowchart

Figure (3.4) Login Flowchart

3.5.2 Activity Diagram

Figure (3.5) Activity Diagram

3.5.3 Use case Diagram

Figure (3.6) Use case

3.5.3.1 Use case Specification


U-1: Registration
- Brief description:
  This use case begins when the user logs onto the registration system.
- Basic flow:
  - This use case begins when the user clicks on the registration button.
  - The system prompts the user to the first level of password registration.
U-2: Textual registration
- Brief description:
  This use case begins when the user logs into the registration system. The user needs to enter some personal information and choose a username; the user is asked to create a password and confirm it again.
- Basic flow:
  - This use case begins when the system prompts the user to the first level of password registration.
  - The user enters personal information and chooses a username and password.
  - When the user has filled in the information, the system prompts the second level of password registration.
U-3: Face Recognition password
- Brief description:
  When this use case begins the user will take a picture for the user.
- Basic flow:
  - This use case begins when the user completes first level registration.
  - The user takes a picture.
  - The system moves to the third level of registration.

U-6: Textual Login
- Brief description:
  This use case begins when the user logs into the login system. The user should enter a username and password.
- Basic flow:
  - This use case begins when the system moves the user to the first level of system login.
  - The user enters a username and password.
  - The system verifies the password (E-1) and prompts the user to the second level.
- Exception flow:
  - An invalid textual password is entered.
  - The user can re-enter a password or terminate the use case.
  - If the user enters it more than 7 times, login is blocked for 5 minutes.

U-7: Face login
- Brief description:
  When this use case begins the user should take a picture.
- Basic flow:
  - This use case begins when the user completes first level login.
  - The user takes a picture.
  - When the user takes a picture and submits the login, the system moves to the third level of login (E-1).
- Exception flow:
  - An invalid face recognition input is entered.
  - The user can retry the process or terminate the use case.
  - If the user enters it more than 7 times, login is blocked for 5 minutes.
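
The login rules of U-6 and U-7, together with the requirement from the Scope section that a level must be passed before the next one, are shown below as an added example that is not the project's code. The class and function names, the descriptor-vector face comparison and its 0.6 threshold are assumptions; the sample account is constructed.

```javascript
// Added example, not the project's code. Level 2 is reachable only after
// Level 1 succeeds; each level blocks login for 5 minutes after more than
// 7 failed tries, as in the exception flows of U-6 and U-7.
const MAX_FAILURES = 7;          // failures tolerated before the block
const BLOCK_MS = 5 * 60 * 1000;  // 5 minutes

// Assumption: a face is a numeric descriptor vector, matched to the stored
// template by Euclidean distance. The 0.6 threshold is illustrative only.
const FACE_THRESHOLD = 0.6;
function faceMatches(probe, template) {
  if (probe.length !== template.length) return false;
  const sumSq = probe.reduce((sum, v, i) => sum + (v - template[i]) ** 2, 0);
  return Math.sqrt(sumSq) <= FACE_THRESHOLD;
}

class TwoLevelLogin {
  // users: Map of username -> { passwordOk(pw), faceTemplate }
  // now:   injectable clock, so the block can be tested without waiting
  constructor(users, now = () => Date.now()) {
    this.users = users;
    this.now = now;
    this.state = new Map();
  }

  entry(username) {
    if (!this.state.has(username)) {
      this.state.set(username, {
        failures: { 1: 0, 2: 0 }, // separate counter per level
        blockedUntil: 0,
        level1Passed: false,
      });
    }
    return this.state.get(username);
  }

  // Shared bookkeeping; check(user) returns true for a valid credential.
  attempt(username, level, check) {
    const s = this.entry(username);
    if (this.now() < s.blockedUntil) return "blocked";
    const user = this.users.get(username);
    if (user && check(user)) {
      s.failures[level] = 0;
      return "ok";
    }
    s.failures[level] += 1;
    if (s.failures[level] > MAX_FAILURES) { // "more than 7 times"
      s.blockedUntil = this.now() + BLOCK_MS;
      s.failures = { 1: 0, 2: 0 };
      s.level1Passed = false;               // start again from Level 1
      return "blocked";
    }
    return "invalid"; // same answer for unknown users and wrong credentials
  }

  submitPassword(username, password) {
    const result = this.attempt(username, 1, (u) => u.passwordOk(password));
    this.entry(username).level1Passed = result === "ok";
    return result;
  }

  submitFace(username, descriptor) {
    const s = this.entry(username);
    if (!s.level1Passed) return "level1-required";
    const result = this.attempt(username, 2, (u) => faceMatches(descriptor, u.faceTemplate));
    if (result !== "ok") return result;
    s.level1Passed = false; // consumed: the next login starts at Level 1
    return "authenticated";
  }
}

// Constructed sample account; passwordOk stands in for a salted-hash check.
const sampleUsers = new Map([
  ["salma.k", { passwordOk: (pw) => pw === "MsLmtAi2&s", faceTemplate: [0.1, 0.4, -0.2, 0.3] }],
]);

function demo() {
  let clock = 0;
  const login = new TwoLevelLogin(sampleUsers, () => clock);
  const out = [];
  for (let i = 0; i < 8; i++) out.push(login.submitPassword("salma.k", "guess" + i));
  out.push(login.submitPassword("salma.k", "MsLmtAi2&s"));          // still blocked
  clock += BLOCK_MS;                                                 // five minutes later
  out.push(login.submitPassword("salma.k", "MsLmtAi2&s"));
  out.push(login.submitFace("salma.k", [0.9, -0.5, 0.6, -0.4]));     // a different face
  out.push(login.submitFace("salma.k", [0.12, 0.38, -0.18, 0.33]));  // close to the template
  return out;
}
console.log(demo().join(" "));
```

The failure counters are kept per level so that re-entering a correct password does not reset the count of failed face attempts.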

3.6 Chapter Summary


Last but not least, methodology is important in system and application development. There are many different software development methodologies available that can be used to develop any kind of application. The right methodology can help the study run smoothly within the specified time. The activities in each phase of the methodology are explained so that they can be understood easily.

Chapter 4
Implementation
4.1 Introduction
This chapter covers the implementation and the results of the face recognition password, to ensure that the system is developed according to the main objectives and achieves the user requirements. This chapter also deals with system implementation and testing. Implementation is the writing of the code and the implementation of the interfaces. Testing is the phase used to find bugs in the system by testing it with dummy input data.

4.2 User Interface


The point of contact between a user and a computer program here is the web browser. An interface is a set of menus or commands that allow a user to communicate with a program. An interface in which you type commands is command-driven, while a menu-driven interface allows you to choose from different menus shown on the screen. The user interface is one of the most essential aspects of any program, since it determines how easy it is to do whatever you want. A powerful program with a poorly designed user interface has little value. GUIs with windows, icons and pop-up menus are now common on personal computers.

4.3 Implementation of two-level passwords


For the interface, an HTML website template and SB Admin have been used. The programming language used by this system is JavaScript, which is widely used. The system uses HTML5, CSS and JavaScript for validation. Validation is important to make sure users have minimal chance of making mistakes when entering data. An open-source database is also used in this system: MySQL version 5.6.26 – MySQL Community Server (GPL). Visual Studio Code was used for writing and editing the code.
4.4 Design Interface
4.4.1 Homepage Interface

Figure (4.4.1) Interface of homepage

Figure (4.4.1) shows the user interface of the homepage of the system. The home page consists of home, login and register buttons.

4.4.2 Register Interface

Figure (4.4.2.1) Interface of Registration

Figure (4.4.2.1) shows the interface of the registration page, which allows users to register themselves in the database. On this page, new users need to fill in the form fields, which are username, email, password and confirm password, and the details are saved in the database. After that, the user proceeds to the next step, which is to register their password using face recognition.

Figure (4.4.2.2) Interface for successfully register page

Case 1: If registered successfully

A successful registration means the user has registered himself into the
system. The system database now contains the information for the two
levels needed to log in, and the user can log in with their credentials.

Case 2: If failed to register
A failed registration means the user was not registered in the system
database. He may have done something wrong in one of the registration
steps, such as not satisfying a registration requirement. The system
database does not contain the user's information, such as the username and
password; therefore, the user cannot yet log in to the system and has to
try to register in the system database again.

4.4.3 Login Interface

Figure (4.4.3.1) Interface of the Login page

Figure (4.4.3.1) shows the interface of the login page. The user must enter
the details that were keyed in during the registration phase. On the login
page, the user can choose which kind of password authentication to log in
with: Text or Face.

Figure (4.4.3.2) Interface of successfully login

Case 1: If logged in successfully
A successful login means that the information entered by the user is
identical to the information saved in the database when the user
registered.
Case 2: If failed to log in
A failed login means the user did not enter the password correctly. He may
have done something wrong in one of the login steps; therefore, the user
cannot yet log in to the system and has to try to log in again.

4.5 Modules Used


| Module | Description |
|---|---|
| React.js | React (also known as React.js or ReactJS) is a free and open-source front-end JavaScript library for building user interfaces based on UI components. |
| Node.js | Node.js is an open-source, cross-platform, back-end JavaScript runtime environment that runs on the V8 engine and executes JavaScript code outside a web browser. |
| Bcrypt.js | Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. |
| Express.js | Express.js, or simply Express, is a backend web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs. It has been called the de facto standard server framework for Node.js. |
| Joi.js | The most powerful schema description language and data validator for JavaScript. |
| Jpeg-js | A pure JavaScript JPEG encoder and decoder for Node.js. |
| Jsonwebtoken | An implementation of JSON Web Tokens. This was developed against draft-ietf-oauth-json-web-token-08. It makes use of node-jws. |
| Mongoose | Mongoose provides a straight-forward, schema-based solution to model your application data. It includes built-in type casting, validation, query building, business logic hooks and more, out of the box. |
| Sharp.js | The typical use case for this high-speed Node.js module is to convert large images in common formats to smaller, web-friendly JPEG, PNG, WebP, GIF and AVIF images of varying dimensions. |
| mongoDB | Provides a straight-forward, schema-based solution to model your application data. It includes built-in type casting, validation, query building, business logic hooks and more, out of the box. |
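
The adaptive-cost property described in the Bcrypt.js entry above, as an added example that is not the project's code: each stored record carries its own random salt and cost, and a successful login re-hashes the password once the cost policy has been raised. Node's built-in scrypt stands in for bcrypt so the block needs no third-party package; the record format and all function names are assumptions made for this illustration.

```javascript
// Added example, not the project's code. Node's built-in scrypt stands in for
// bcrypt (a third-party package) so the block runs with no dependencies.
const crypto = require('node:crypto');

const MAXMEM = 64 * 1024 * 1024; // enough for N up to 2^15 at r = 8

function derive(password, salt, N) {
  return crypto.scryptSync(password, salt, 32, { N, r: 8, p: 1, maxmem: MAXMEM });
}

// Fresh random salt per password; the cost N is stored in the record, so old
// records stay verifiable after the policy cost is raised.
function hashPassword(password, N) {
  const salt = crypto.randomBytes(16);
  const key = derive(password, salt, N);
  return ['scrypt', N, salt.toString('hex'), key.toString('hex')].join('$');
}

function parseRecord(record) {
  const [scheme, n, saltHex, keyHex] = String(record).split('$');
  const N = Number(n);
  const salt = Buffer.from(saltHex || '', 'hex');
  const key = Buffer.from(keyHex || '', 'hex');
  const ok = scheme === 'scrypt' && Number.isInteger(N) && N > 1 && N <= 2 ** 15 &&
    (N & (N - 1)) === 0 && salt.length === 16 && key.length === 32;
  return ok ? { N, salt, key } : null;
}

function verifyPassword(password, record) {
  const rec = parseRecord(record);
  if (!rec) return false; // a malformed record never verifies
  return crypto.timingSafeEqual(derive(password, rec.salt, rec.N), rec.key);
}

function needsRehash(record, targetN) {
  const rec = parseRecord(record);
  return rec === null || rec.N < targetN;
}

// A successful login is the only moment the plaintext is available again,
// so that is when a record is re-hashed at the current cost.
function loginAndUpgrade(users, username, password, targetN) {
  const record = users.get(username);
  if (record === undefined || !verifyPassword(password, record)) return false;
  if (needsRehash(record, targetN)) users.set(username, hashPassword(password, targetN));
  return true;
}
```

With bcryptjs the hash string already embeds the salt and cost, and `bcrypt.getRounds(hash)` returns the value to compare against the current policy.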

4.6 Test Case
A test case involves a set of test inputs, performance conditions
and expected results for a particular purpose, such as to
exercise a particular program path or verify compliance with a
particular requirement. The process of developing test cases may
help to find problems in the requirements or design of an
application.
4.6.1 User Register

| Step | Procedure | Expected Result |
|---|---|---|
| 1 | Localhost:3000 | The homepage is loaded |
| 2 | Click join window | The register page is loaded |
| 3 | Enter email, username, password and confirm password | User is able to key in email, username and password |
| 4 | Click “submit” button | The register information will be saved in the database and move to the next step |
| 5 | Click a red button | A picture of user’s face will be taken and saved in the database then will move to the final step |
| 6 | Click “submit” button | User registered successfully |

Wrong details input of user register

| Step | Procedure | Expected Result |
|---|---|---|
| 1 | Localhost:3000 | The homepage is loaded |
| 2 | Click join window | The register page is loaded |
| 3 | Enter email, username, password and confirm password | User is able to key in email, username and password |
| 4 | Click “submit” button | “Username or email already exist! Please try again.” message will appear. |

4.6.2 User Login

| Step | Procedure | Expected Result |
|---|---|---|
| 1 | Localhost:3000 | The homepage is loaded |
| 2 | Click login window | The login page is loaded |
| 3 | Click one of Two levels | The icon that clicked is loaded |
| 4 | Click “submit” button | The login information will be compared in the database and log in to the system |

Wrong details input of user login


| Step | Procedure | Expected Result |
|---|---|---|
| 1 | Localhost:3000 | The homepage is loaded |
| 2 | Click login window | The login page is loaded |
| 3 | Click one of two levels | The icon that clicked is loaded |
| 4 | Click “submit” button | The message “Invalid login” or “Password didn’t match” will appear. |

4.7 Summary
This chapter discussed in detail the implementation and the
testing of the system. To complete the report, the next
chapter discusses the future work.

Chapter 5
Conclusion

5.1 Introduction
Writing a conclusion is the final part of the research paper. In
this last chapter, we discuss the future work on the system and what we
plan to do with the system to make it better.

5.2 Future work


In the future, hopefully this system can be applied in real life,
because it may help users who keep very secret data in the system.
To make the system more secure, we think we should add another
password authentication as a third level, namely voice recognition,
another biometric authentication to support the second level.
Another thing we think we should add to make the system more
secure is Google reCAPTCHA, which uses an advanced risk analysis engine
and adaptive challenges to keep malicious software from engaging in
abusive activities.

5.3 Summary
In the end, hopefully this alternative password can help users
keep their accounts from being hacked by intruders using dictionary
and brute-force attacks.

APPENDIX

Gantt Chart of Activities and milestones
