The customer may quickly and efficiently log into the system under the suggested approach. We examine the suggested scheme's security and usability, as well as its resistance to login credential hacking, shoulder surfing, and unintentional login. The adversary can employ the shoulder surfing attack to steal the user's password by glancing over the user's shoulder while he types it. We've offered secure device schemes with different levels of resistance to shoulder surfing because we've given you secure device schemes with different levels of resistance to shoulder surfing. To use this authentication device, the customer must first register with it by providing basic information. After completing the registration process, the user will be granted access to the login page he or she must first authenticate the account by providing the e-mail address and password that was entered during registration. After the person's email identification and password have been verified, he or she can advance to the next authentication phase, where he or she must choose between a QR (quick response) Code and OTP (one-time-password) (Time Password).After the person's email identification and password have been verified, he or she can advance to the next authentication phase, where he or she must choose between a QR (quick response) Code and OTP (one-time-password) (Time Password). When the customer picks QR Code as the authentication method, the system will produce a QR Code and send it to the customer's email address through the internet. If a person selects OTP, SMS may be delivered to his or her registered mobile number. If the user goes through the login process, the gadget will take them to the main page. At the moment of login, the QR Code and OTP are created at random by the system.