This paper presents the design, development, and evaluation of a three-level authentication system. The increasing prevalence of cybercrimes has heightened the need for secure and efficient authentication systems to safeguard sensitive data. Traditional authentication mechanisms such as single-factor or two-factor systems, relying on text-based passwords, tokens, or biometric data, have been found to have vulnerabilities. This paper introduces a robust and user-friendly Secure Three Level Authentication System that combines text-based passwords, colour pattern recognition, and image-based authentication. By integrating these three methods, the system ensures a multilayered defense against common security threats such as phishing, brute force attacks, and shoulder surfing. The first layer utilizes a passphrase-based text password, designed for ease of use while maintaining complexity. The second layer involves a graphical password using RGB colour patterns, leveraging visual memory for added security. Finally, the third layer employs image-based authentication, where users segment and rearrange a chosen image for secure access. The system is implemented using Python, CSS, and HTML, ensuring a seamless and efficient user experience. Designed with the waterfall model, the authentication process involves registration and login phases, where each layer must be passed sequentially for access. This three-level system addresses the vulnerabilities of conventional methods by increasing password difficulty at each stage. While slightly more time-consuming, it offers significant advantages for applications requiring high security standards, such as corporate environments, sensitive data repositories, and critical infrastructures. Future iterations aim to enhance the system's adaptability and user customization.
The proposed system represents a significant advancement in authentication technology, providing a balance between usability and security to protect against evolving cyber threats.
Introduction
In today’s digitally connected world, securing data through reliable authentication is critical. Traditional single-factor and two-factor authentication methods, such as passwords and tokens, often fail against advanced cyber threats like phishing and brute-force attacks and may reduce usability. To address these challenges, the project proposes a Secure Three-Level Authentication System that combines three complementary methods: text-based passwords, color pattern recognition, and an image-based puzzle. This layered approach leverages different cognitive skills (textual, visual, spatial), making unauthorized access much harder while maintaining user-friendliness.
The system is developed using Python, HTML, and CSS following the Waterfall model. It features a modular design with a frontend UI for sequential authentication steps, backend logic for credential validation, and encrypted storage of user data. The authentication workflow requires users to successfully pass all three stages to gain access; failure at any level blocks entry, ensuring robust security.
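The registration and login phases described above can be sketched as follows. This is an added example, not the paper's code: the function names, the encoding of the colour pattern (ordered RGB triples) and of the image answer (ordered tile indices), the use of salted PBKDF2 digests in place of the "encrypted storage" the paper mentions, and the lockout threshold are all assumptions.

```python
import hashlib, hmac, json, os

PBKDF2_ROUNDS = 100_000   # assumed work factor
MAX_FAILURES = 5          # assumed lockout threshold
STAGES = ("passphrase", "colour_pattern", "image_order")

def _digest(value, salt):
    # Canonical JSON so the same pattern always serialises to the same bytes.
    data = json.dumps(value, separators=(",", ":")).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)

def register(passphrase, colour_pattern, image_order):
    """Registration phase: keep only a salt and digest per level, never the secret."""
    record = {"failures": 0}
    for stage, value in zip(STAGES, (passphrase, colour_pattern, image_order)):
        salt = os.urandom(16)
        record[stage] = (salt, _digest(value, salt))
    return record

def login(record, passphrase, colour_pattern, image_order):
    """Login phase: levels are checked in order. Returns (granted, levels_passed)."""
    if record["failures"] >= MAX_FAILURES:
        return False, 0          # locked out: no level is evaluated
    passed = 0
    for stage, value in zip(STAGES, (passphrase, colour_pattern, image_order)):
        salt, stored = record[stage]
        if not hmac.compare_digest(_digest(value, salt), stored):
            record["failures"] += 1   # graphical levels have small answer spaces
            return False, passed
        passed += 1
    record["failures"] = 0
    return True, passed

if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    colours = [(255, 0, 0), (0, 128, 255), (0, 255, 0)]   # ordered RGB triples
    tiles = [2, 0, 3, 1]                                  # tile order for a 2x2 puzzle
    rec = register("river stone lantern", colours, tiles)
    print(login(rec, "river stone lantern", colours, tiles))
    print(login(rec, "river stone lantern", colours, [0, 1, 2, 3]))
```

The failure counter matters because a tile ordering has few possible answers (a 2x2 puzzle has only 24), so the graphical levels depend on attempt limiting rather than on the size of their answer space.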
Compared to traditional methods, this system significantly enhances resistance to attacks like shoulder surfing, phishing, and brute force by adding visual and cognitive layers beyond passwords. User testing confirmed the system is secure and intuitive, with users adapting well despite slightly longer login times. The system suits high-security environments, such as corporate or government data protection, and represents an innovative advancement in multi-factor authentication, balancing security and usability.
Conclusion
In an era where cyber threats are increasingly sophisticated and persistent, the need for secure and reliable authentication mechanisms has become more critical than ever. This project presents a Secure Three-Level Authentication System that combines traditional text-based passwords, color pattern recognition, and image-based puzzle authentication to provide a multi-layered defense against unauthorized access.
Each level of the system is uniquely designed to address the limitations of conventional authentication methods. The text-based password offers a familiar first layer of protection. The graphical color pattern adds a cognitive and visual challenge, making it resistant to common threats like shoulder surfing and brute force attacks. Finally, the image puzzle layer incorporates an element of visual memory and interaction, greatly enhancing security while maintaining usability.
Through practical implementation using Python, CSS and HTML, the system demonstrated robust performance and user acceptance. Although the process involves slightly more time than standard login methods, the trade-off is justified by the significantly increased security.
The system proves especially effective for applications where sensitive data or secure access control is essential—such as corporate portals, academic records, or personal data storage. It balances the need for user-friendliness with advanced protection, showing that security does not have to compromise usability.
Future improvements could include mobile app integration, biometric extensions, or AI-driven pattern anomaly detection. Overall, the project contributes a valuable step forward in the field of cybersecurity and user authentication.