International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882

Volume 4, Issue 3, March 2015

Password Authentication Using Text and Colors

Miss.Swati Tidke, Miss Nagama Khan, Miss.Swati Balpande
Computer Engneering, RTM nagpur university, M.I.E.T Bhandara,

ABSTRACT
There are numbers of methods used for
authentication purpose; textual password is most
common one. But these passwords are susceptible to the
various attacks like glossary attack, shoulder surfing,
eves dropping. Later graphical password scheme
introduced but the graphical passwords have their own
disadvantages like they require more time to authenticate
and the usability issues. Thus we introduced a session
password scheme in which the passwords are used only
once for each session and when session is completed the
password is no longer in use. The proposed session
password scheme uses colors and text for generating
session password. Here we introduced two session
password schemes pair-based textual authentication
scheme and color code-based authentication scheme.
Keywords: Color Code-based Authentication scheme;
Pair-based Textual Authentication scheme; Session
password; shoulder surfing.

1. INTRODUCTION
Authentication is any set of rules or process that
permits one entity to institute the identity of another
entity, so authentication must be secured in order to
protect user accounts. The common method which we
used earlier is a textual password in which the passwords
which are lengthy is consider as secured password but
the lengthy passwords are difficult to remember thus the
user picks short password but short passwords are easily
cracked or hacked. The new technique is proposed which
is graphical password. This graphical password
technique overcomes the shoulder surfing problem in
textual password but this technique has also some
limitations like more time is required for authentication
and its quite expensive.
Thus
we
proposed
new
password
authentication technique which uses session password.
Two new schemes are introduced color code-based
authentication scheme and pair-based textual
authentication scheme. It gives the options for user to
select the password as a color or alphanumerical grid.
When user logins into the system new session is
generated and that session remains until user gets log

out. For every new session new password is generated

by the system and password is valid only for that
session. When session is terminated the password is of
no use for next session. Session password provides more
security as every time the session starts the new
password is created. There are two methods for session
password i.e. pair based textual authentication scheme
and color code-based authentication scheme. In a pair
based textual scheme textual passwords are provided and
in color code-based scheme set of colors are provided.
1.1 LITERATURE SURVEY
By Dhamija and Perrig [4] describes a paper
Deja Vu: A User Study Using Images for
Authentication that a graphical authentication scheme
where the user has to identify the pre-defined images to
prove users authenticity. In this system, the user selects
a definite number of images from a set of random
pictures during registration. Later, during login the client
has to identify the pre selected images for authentication
from a set of images. This system is vulnerable to
shoulder-surfing.
By Syukri [5] describe a paper A user
Identification System Using Signature Written with
Mouse that where authentication is done by drawing
user signature using a mouse. This technique integrated
two stages, registration and verification. At the moment
of registration stage the user draws his signature with the
help of mouse, and then the system extracts the signature
region. In the verification stage it takes the user
signature as input and does the normalization and then
extracts the parameters of the signature. Forgery of
signatures is the main disadvantage of this technique.
Drawing with mouse is unfamiliar to many people it is
difficult to draw the signature in the same perimeters at
the time of registration.
By Jansen [6] describes Authenticating Mobile
Device User through Image Selection a graphical
password scheme for mobile devices. A user selects a
theme consisting of photos in thumbnail size and set a
sequence of pictures as a password during password
creation. During authentication, user must identify the
images in the correct order. Every thumb nail image is
assigned a numerical value, so the sequence of the
chosen images will create a numerical password. Since

www.ijsret.org

278

International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882
Volume 4, Issue 3, March 2015

the no. of images is limited to 30, the password space of

this scheme is small.
Blonder [7] planned a graphical password scheme
where the user must click on the approximate areas of
pre-defined locations.
Jermyn et al [8] proposed a new technique called
Draw- a-Secret (DAS) where the user is required to redraw the pre-defined picture on a 2D grid. The user is
authenticated if and only if the drawing touches the same
grids in the same sequence. This authentication scheme
is exposed to shoulder surfing.
Wiedenbeck et al [9] describes a graphical password
entry scheme using convex hull method towards
Shoulder Surfing attacks. A user needs to recognize
pass-objects and click inside the convex hull formed by
all the pass-objects. In order to make the password
difficult to guess large number of objects can be used but
it will make the display very crowded and the objects
almost indistinguishable, but using less objects may lead
to a smaller password space, as the resulting convex hull
can be large.
Haichang et al [10] proposed a new shouldersurfing resistant scheme where the user is required to
draw a curve across their password images orderly rather
than clicking on them directly. This graphical method
combines DAS and Story schemes to provide
authenticity to the user.
Zheng et al [11] designed a hybrid password
scheme based on shape and text. Mapping shape to text
with strokes of the shape and a grid with text is the basic
concept.

should rate colors from 0 to 9 according to his simplicity

opinion and he can memorize it as GRBOYPVRGB
i.e. G-grey, R-red, B-black, O-orange, Y-yellow, P-pink,
V-violate, R-rose, G-green, B-blue. Also user can give
the letters as rating to the colors.

Figure 2.1 color rating

After the login an interface is display based on
the colors selected by the user during registration phase.
The login interface consists of grid of size 1010. This
grid contains digits 0-9 placed at random in grid cells.
The interface also consist of strips of colors as shown in
figure 2.2. The color grid consists of 5 pairs of colors. In
each pair of color first color represents the row and the
second color represents the column of the grid which is
shown in figure 2.2.

2. PROPOSED SYSTEM
Authentication technique consists of four phases:
1. Registration phase
2. Login phase
3. Verification phase
4. Recovery phase
During registration, user rates the colors in the
first method or enters his password in the second
method. During login phase, the user has to put the
password based on the interface displayed on the screen.
The entered password verifies by the system by
comparing with content of the password generated
during registration. During recovery phase, if user
forgets his password, he may recover the password by
answering security questions which user had selected
during registration phase.
2.1. Color Code-based Authentication Scheme:
In color code-based authentication scheme users
have to get his password with the help of colors. During
registration phase, user should fill up all his information
and also rate colors as shown in figure2.1. The User

Figure2.2 login interface

Figure 2.2 the login interface having the color grid
and number grid of 10 x 10 having numbers 0 to 9
arbitrarily placed in the grid. We get the session
password depending on the ratings given to colors. As
discussed above, the first color of each pair in color grid
represents row and second represents column of the
number grid. The number present in the intersection of
the row and column of the grid is a part of the session
password. Consider the figure 2.1 ratings of color and
figure 2.2 login interfaces for demonstration. The first

www.ijsret.org

279

International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882
Volume 4, Issue 3, March 2015

pair has black and green colors. The black color rating is
2 and green color rating is 8. So the first letter of session
password is 2nd row and 6th column intersecting
element i.e. 1. The same method is followed for other
pairs of colors. For figure 2.2 the password is 17548.
Instead of digits, alphabets can be used. For each login,
both the number grid and the color grid get randomizes
so the session password changes for every session.
But for every user its impractical to remember the
rating of the colors so for that a second technique is
proposed in which during registration user have to
submit a simple text as a password that technique is
called as a Pair-based Textual Authentication Scheme
which we will discussed as below.
2.2. Pair-based Textual Authentication Scheme:
In this scheme, during registration user submits
his password. The maximum length of the password is 8
and it can be called as secret pass. The secret pass should
contain even number of characters. Session passwords
are created based on this secret pass. When the user
enters login an interface consisting of a grid is displayed
during the login phase. The grid is of size 6 x 6 and it
contains of alphabets and numbers. These are randomly
placed on the grid and the interface changes every time.
The grid will be appeared as shown in below
figure 2.3. Depending upon the password which is
submitted during the registration phase, user has to enter
the password. Users have to consider his password in
terms of pairs. The session password consists of
alphabets and digits. Now the user have to enter his
authentic password which is the intersection part of that
submitted password which is signify in the following
figure 2.3 Suppose we have to submit the password
during registration as a ADMIN123".
Consider the above example of submitted
password ADMIN123 in which 4 pairs are taken as a
password. The first letter in the pair is used to select the
row and the second letter is used to select the column.
The intersection letter is part of the session password.
This is repeated for all pairs of submitted password.
Figure 2.3 shows that the letter 2 is the intersection letter
of the password pair AD. Similarly the letter M is the
intersection of MI and latter K is the intersection for
pair M1and latter 7 is the intersection for pair 23.So
this 4 intersections letters make the session password so
for the pairADMIN123. The intersection letters
2MK7 is the session password.

280

Figure2.3 Intersection letter for the passwords pair

ADMIN123

3. RESULT ANALYSIS
Here we propose two authentication schemes i.e.
pair based textual authentication schemes and color code
based authentication schemes.
By studying these two techniques we get
information that according to time to login ,the pair
based textual authentication scheme is better the an color
code authentication scheme, but according to more
security e.g. If we are using this proposed system in
banking for password of account, then color code based
authentication scheme is better than pair based
authentication scheme.
Both scheme i.e. pair based textual authentication
scheme and color code based authentication scheme are
good. The following table shows comparison with
existing system.
Authenti Textu Graph Pair
Color code
cation
al
ical
based
Based
schemes
passw passw textual
authentication
&
ord
ord
authenti scheme
Paramete
cation
rs
scheme
Less
Very
Very High
Usability High
high
compli Easy
LessComplicate
Impleme Easy
cated
d
ntation
Quite
Less
Less
Password More
less
space
Brute
Should Sometim Sometime
Attacks
force,
er
e
shoulder surfing
diction surfing shoulder
ary,
,
surfing
guessi guessin
ng
g
High
Low
Moderate
Time to Low
login
Very
Low
High
Very high
Security
low

www.ijsret.org

International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882
Volume 4, Issue 3, March 2015

4. CONCLUSION
Both the techniques, the pair-based textual
authentication
scheme
and
color
code-based
authentication scheme generates session password that
are resistant to brute force attack, dictionary attack and
shoulder surfing. These techniques creates grid for
session password generation. For color code-based
scheme, rating should be given to color. According to
time to login the pair based textual authentication
scheme is better than color code based authentication
scheme. But according to more security color code based
authentication scheme is better than pair based
authentication scheme. These schemes are completely
new to the user and the proposed authentication
technique should be verified generally. This technique
can be used for external authentication to connect the
application to a database or also it can be used to provide
security to any windows application.
ACKNOWLEDGMENT
I would like to thank everyone, who ever remain
a source of help and inspiration for this presentation.
REFERENCES
[1] Priyanka S. Kedar, Vrunda Bhusari, Using PBKDF2
Pair & Hybrid technique for Authentication,
International Journal of Emerging Research in
Management & Technology (ISSN) 2278-9359,
Volume-3, Issue-5, May 2014.
[2] M Shashi, M Anirudh, MD Sultan Ahamer, V
Manoj Kumar, Authentication Schemes for Session
Password using colors and Images, International
Journal of Network Security & Its Applications (IJNSA),
Vol.3, No.3, May 2011.
[3] Priti Jadhao, Lalit Dole, Survey on Authentication
Password Techniques, International Journal of Soft
Computing and Engineering (IJSCE) ISSN: 2231-2307,
Volume-3, Issue-2, May 2013.
[4] Z. Zheng, X. Liu, L. Yin, Z. Liu A Hybrid
password authentication scheme based on shape and
text, Journal of Computers, vol.5, no.5 May 2010.
[5] D.Aruna Kumari, Design, Implementation of
Network Based Authentication Mechanisms, Advances
in Information Technology and Management, vol.1,
no.2, pp.44-48, 2012.
[6] H. Zhao and X. Li, "S3PAS: A Scalable ShoulderSurfing
Resistant
Textual-Graphical
Password
Authentication Scheme," in 21st International
Conference on Advanced Information Networking and
Applications Workshops (AINAW 07), vol. 2. Canada,
2007, pp. 467-472.
[7] M Sreelatha, M Shashi, M Anirudh, MD Sultan
Ahamer, V Manoj Kumar Authentication Schemes for

Session Passwords using Color and Images,

International Journal of Network Security & Its
Applications (IJNSA), Vol.3, No.3, May2011
[8] D. Aruna Kumari, Design, Implementation of
Network Based Authentication Mechanisms, Advances
in Information Technology and Management, vol.1,
no.2, pp.44-48, 2012.
[9] S.Balaji, Lakshmi.A, V.Revanth, M.Saragini,
V.Venkateswara Reddy Authentication Techniques For
Engendering Session Passwords With Colors And Text
Advances in Information Technology and Management
Vol. 1, No. 2, 2012.
[10]A. Adams and M. A. Sasse, "Users are not the
enemy: why users compromise computer security
mechanisms and how to take remedial measures,"
Communications of the ACM, vol. 42 pp. 41-46, 1999.
[11] L. Sabrado and J. C. Birget, "Graphical
passwords", The Rutgers Scholar, An Electronic Bulletin
for Undergraduate Research, vol 4, 2002.
[12] L. D. Paulson, "Taking a Graphical Appraoch to
the Password," Computer, vol. 35, pp. 19, 2002.
[13] Jean-Camille Birget, Dawei Hong and Nasir
Memon, uGraphical Passwords Based on Robust
Discretization", IEEE Transactions on Information
Forensics and Security, Vol. 1, No.3, September 2006.
[14] L. Y. Por and X. T. Lim, "Multi-Grid background
Pass-Go". WSEAS Transactions on Information Science
and Applications, Issue 7, Volume 5, July 2008.
[15] H. Gao, X. Guo, X. Chen, L. Wang, and X. Liu,
"YAGP: Yet another graphical password strategy". In
Annual Computer Security Applications Conference,
2008, 121-129.

www.ijsret.org

281