The existing one-time password authentication technology was analyzed. To overcome its limitations on B/S application mode,a soft input model based on double random input unit was put forward. When the user need to input authentication password, the authentication server dynamically generates double random input soft keyboard, the interface layout of soft keyboard generated by the authentication server each time is random, and its interface to the corresponding input character is also random. The study results showed that based on this method, the password entered in client and password transmitted over the network are mapped to several groups of different random string each time without any computing in client, and effectively solves some password authentication problems including the capture/replay attack, memory and input intercepted assault.
