This paper proposes a Personal Identification Number (PIN) based authentication scheme named User
Transformed PIN (UTP). It introduces a simple cognitive process with which users may transform their PIN numbers into a
dynamic one-time number. PIN numbers are widely used for the purpose of user authentication. They are entered directly and
reused several times. This makes them vulnerable to many types of attacks. To overcome their drawbacks, One Time Passwords
(OTPs) are combined with PIN numbers to form a stronger two-factor authentication. Though it is relatively difficult to attack
OTPs, they are not foolproof against attacks. In our proposed work, we have devised a new scheme that withstands
many of the common attacks on PIN numbers and OTPs. In our scheme, users will generate the UTP with the help of a visual
pattern, a random alphabet sequence and a PIN number. Because the UTP varies for each transaction, it acts like an OTP. Our
scheme conceals PIN number within the UTP so that no direct entry of PIN number is required. The PIN number could be
retrieved from the UTP by the authenticator module at the server. To the best of our knowledge, this is the first scheme that
enables users to transform their PIN numbers into a one-time number without any special device or tool. Our scheme is
inherently a multi-factor authentication scheme, combining a knowledge factor and a possession factor within itself. The user studies we
conducted on the prototype have provided encouraging results to support the scheme’s security and usability.