Abstract: In this digital world, where huge amount of information is available online, illegitimate access to sensitive information is on the increase. This information is accessed using online password guessing attacks like brute force and dictionary attacks. In this paper we depict the inadequacy of existing protocols and we propose the Password Guessing Resistant Protocol (PGRP) which can effectively prevent these attacks. The system is very stringent for attackers and at the same time is very user friendly for legitimate users.  The system prevents cookie theft related issues as it uses IP addresses to track known and unknown machines. It also makes use of ATTs to conquer the guessing attacks


Keywords: Online password guessing attacks, brute force attacks, dictionary attacks, ATT, CAPTCHA