Graphical Password Authentication.


Presentation Description

different graphical schemes


Presentation Transcript

Graphical Password Authentication :

Graphical Password Authentication Presented By: Mylapur Harish 3SL09CS014 S.L.N college of Engg.. Guided By: Vijayakumari G


Introduction Overview of the Authentication Methods Text Password and drawbacks. Graphical Passwords. The survey Recognition Based Techniques Recall Based Techniques Cued Recall Techniques Discussion Advantages Disadvantages Conclusion Outline


What is PASSWORD? PASSWORD is a secret word or string of characters that is used for user authentication to prove his identity and gain access to resources. PASSWORDS are used for? Logging into accounts. Retrieving emails. Accessing applications. Networks. Websites Databases workstations Introduction

Overview Of The Authentication:

Authentication is a process of conformation of a persons identity. Methods Token based authentication key cards, band cards, smart card, … Biometric based authentication Fingerprints, iris scan, facial recognition, … Knowledge based authentication text-based passwords, picture-based passwords, … most widely used authentication techniques Overview Of The Authentication

Text Password:

Text password is a secret word or string of characters that is used for user authentication to prove his identity and gain access to resources. Drawbacks Difficulty of remembering passwords easy to remember -> easy to guess hard to guess -> hard to remember Users tend to write passwords down or use the same passwords for different accounts. Extra processing of memory. Text Password

Need Of Graphical Password?:

Memorability: According to Dual Coding theory , verbal data is hard for remembering compared to non verbal data(images). Considering the example. ‘X’ may represent the roman numeral ten or the multiplication symbol; the exact meaning is associated in relation to some deeper concept. This additional processing is required for verbal memory renders this more difficult to achieve task. Need Of Graphical Password?

Graphical Password:

Graphical passwords were originally described by BLONDER in 1996. A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI). For this reason, the graphical-password approach is sometimes called graphical user authentication (GUA). An example of a graphical password uses an image on the screen and lets the user choose a few click points; these click points are the "password", and the user has to click closely to these points again in order to log in. Graphical Password

Three Categories Of Graphical Passwords. :

Recall Based Techniques A user is asked to reproduce something that he created or selected earlier during the registration stage Recognition Based Techniques A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage. Cued-recall Technique An extra cue is provided to users to remember and target specific locations within a presented image. Three Categories Of Graphical Passwords.

Recall Based Techniques:

Draw-A-Secret (DAS) Scheme User draws a simple picture on a 2D grid, the coordinates of the grids occupied by the picture are stored in the order of drawing Redrawing has to touch the same grids in the same sequence in authentication. User studies showed the drawing sequences is hard to remember. Recall Based Techniques

Recall Based Techniques:

Recall Based Techniques B-DAS Scheme Signature Scheme

Recognition Based Techniques:

Dhamija and Perrig Scheme Pick several pictures out of many choices, identify them later in authentication. Using Hash Visualization, which, given a seed, automatically generate a set of pictures. Take longer to create graphical Passwords. password space: N!/K! (N-K)! ( N-total number of pictures; K-number of pictures selected as passwords) Recognition Based Techniques

Recognition Based Techniques:

Sobrado and Birget Scheme System display a number of pass-objects (pre-selected by user) among many other objects, user click inside the convex hull bounded by pass-objects. authors suggested using 1000 objects, which makes the display very crowed and the objects almost indistinguishable. password space: N!/K! (N-K)! ( N-total number of picture objects; K-number of pre-registered objects) Recognition Based Techniques

Recognition Based Techniques:

Other Schemes Passfaces.. Using human faces as password. Difficult to attack. Recognition Based Techniques Select a sequence of images as password

Cued Recall Based Technique:

“PassPoint” Scheme User click on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, user must click within the tolerances in correct sequence. can be hard to remember the sequences Password Space: N^K ( N -the number of pixels or smallest units of a picture, K - the number of Point to be clicked on ) Cued Recall Based Technique

Grid Square Size:

Grid Square Size The security of this system depends on the size of the picture. As the size of the picture increases Simultaneously the grid square Increases. Thus, making the system highly Secured. We can also use encryption alg. For storing the points and pictures Making system unbreakable.


Graphical password schemes provide a way of making more human-friendly passwords while increasing the level of security. Here we use a series of selectable images on successive screen pages, if there are 100 images on each of the 8 pages in an 8-image password, there are 100^8, or 10 quadrillion (10,000,000,000,000,000), possible combinations that could form the graphical password! If the system has a built-in delay of only 0.1 second, it would take (on average) millions of years to break into the system by hitting it with random image sequences. Dictionary attacks and brute force search are infeasible The attack programs need to automatically generate accurate mouse motion to imitate human input, which is more difficult compared to text passwords. Use of Capctha’s can be eliminated. ADVATAGES OF GRAPHICAL PASSWORDS


THE SHOULDER SURFING PROBLEM As the name implies, shoulder surfing is watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information. Because of their graphic nature, nearly all graphical password schemes are quite vulnerable to shoulder surfing. Most of the existing schemes simply circumvent the problem by stating that graphical passwords should only be used with handheld devices or workstations set up in such a way that only one person can see the screen at the time of login. DRAWBACKS






Graphical passwords are an alternative to textual alphanumeric password. It satisfies both conflicting requirements i.e. it is easy to remember & it is hard to guess. By the solution of the shoulder surfing problem, it becomes more secure & easier password scheme. By implementing other special geometric configurations like triangle & movable frame, one can achieve more security. It is more difficult to break graphical passwords using the traditional attack methods such as:burte force search, dictionary attack or spyware. Not yet widely used, current graphical password techniques are still immature Conclusion

Thank You…:

Thank You…

authorStream Live Help