Graphical Password Authentication
Vishal Pednekar, Sayli Tawhare, Arundhati Pradhan, Nidhi Shettigar, Bharati Singh, Amisha Sahu
Abstract – With cyberattacks rising exponentially, there is a need to protect our
digital data. Various studies suggest that the human brain has a greater capacity to
remember what it sees. To overcome the limitations of text-based passwords, we
have therefore introduced the concept of Graphical Password Authentication. The
proposed system uses a 3 x 3 grid of 9 randomly selected images which, when selected
in a particular order, make a password. The proposed system will also increase the level
of security provided by today’s traditional passwords by eliminating the chances of
brute-force attacks, dictionary attacks and shoulder surfing.
I. INTRODUCTION
Passwords are ubiquitous in today’s digital world. Password authentication systems usually
consist of a text-based password. Such passwords are prone to various cyberattacks such as
brute-force, shoulder surfing, dictionary attacks and phishing attacks. According to various
studies, many users also tend to forget their passwords [1], choose weak passwords [2] or write
them down insecurely to remember them, which may cause the passwords to be compromised. To
overcome such challenges, we designed a graphical password authentication system which is
based on the concept of recall. Research conducted by various institutions shows that the human
brain has a greater capacity to remember what it sees [3], which gives rise to the idea
that graphical passwords may be easier to remember than traditional alphanumeric passwords
[4][5]. The system uses images instead of alphanumeric characters. Users will be presented with a grid
of different images and patterns to choose from. Such systems will simplify the
authentication process and save time in the long run.
Research conducted by various institutions shows that the human brain has a greater capability to
remember what it sees [3][7]. This gives rise to the idea that graphical passwords are easier
to remember than traditional alphanumeric passwords [8][6]. So, to overcome the limitations
of alphanumeric passwords, we introduced a Graphical Password Authentication System. The
proposed system uses a random set of images from which the user selects some in a
specific order to form the password. Such a password is easier to remember and more secure
than traditional alphanumeric passwords.
III. METHODOLOGY
In the traditional authentication method involving alphanumeric passwords, the plain text
password created during the registration phase is hashed using hashing algorithms like
SHA256 or MD5. A hash makes sure that the data is unchanged: the slightest change in the data
changes its hash as well. During the authentication phase, when a user attempts to sign in to
an application or website, he/she enters the plain text password in the field provided. The
entered password appears as dots, stars or dashes to prevent the characters from being read by
anyone else watching the screen. This plain text password is sent to the server and hashed.
This hash is then compared with the hash calculated during the registration phase. If the hashes
match, the password is correct and authentication is successful.
Our proposed system is an extension of the existing system in which, instead of hashing
alphanumeric characters, image data is hashed in a specific order. Even the slightest change
in the image data will make the authentication fail, thus making it very difficult to crack the
password. Shuffling the images at each attempt will also make shoulder surfing difficult. Our
proposed algorithm is discussed in the next section.
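The registration and authentication flow described above, as an added example that is not the authors' implementation. Assumptions: each image is identified by its raw bytes, the selection consists of distinct images, a salted PBKDF2-HMAC-SHA256 derivation stands in for a bare SHA256 or MD5 digest, and all function names and sample data are hypothetical.

```python
import hashlib
import hmac
import math
import os
import random

ROUNDS = 100_000  # assumed PBKDF2 work factor, not taken from the paper

def image_id(data):
    """Fixed-length SHA-256 digest of one image's raw bytes."""
    return hashlib.sha256(data).digest()

def derive(selection, salt):
    """Hash the selected images in the order chosen; reordering changes the output."""
    ordered = b"".join(image_id(img) for img in selection)
    return hashlib.pbkdf2_hmac("sha256", ordered, salt, ROUNDS)

def register(selection):
    """Registration phase: store only a per-user salt and the derived hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": derive(selection, salt)}

def authenticate(record, selection):
    """Authentication phase: recompute the hash and compare in constant time."""
    return hmac.compare_digest(derive(selection, record["salt"]), record["hash"])

def shuffled_grid(images):
    """New random layout for each attempt; verification ignores grid positions."""
    grid = list(images)
    random.SystemRandom().shuffle(grid)
    return grid

def ordered_selections(grid_size, k):
    """Possible passwords when k distinct images are picked in order (assumption)."""
    return math.perm(grid_size, k)

# Constructed stand-ins for the bytes of 9 image files.
IMAGES = [("constructed-image-%d" % i).encode() * 64 for i in range(9)]

if __name__ == "__main__":
    record = register([IMAGES[2], IMAGES[7], IMAGES[4]])
    grid = shuffled_grid(IMAGES)
    picks = [img for want in (2, 7, 4) for img in grid if img == IMAGES[want]]
    print("correct order:", authenticate(record, picks))
    print("wrong order:  ", authenticate(record, picks[::-1]))
    print("4-of-9 ordered selections:", ordered_selections(9, 4))
```

The count returned by `ordered_selections` is the size of the space a server-side attempt limit has to protect, so it is worth computing for whatever selection length a deployment chooses.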
Once registration is completed and the password is set, the user can authenticate to that application or
website. The following events occur during the authentication phase of the system:
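[Table: attack resistance of graphical password schemes.
Column headings: Category of Schemes; Schemes; Attacks (Guessing and Dictionary, Shoulder Surfing, Spyware, Social Engineering).
Categories of schemes: Recognition based; Pure recall based; Cued recall based.
Schemes in page order, each with the single rating letter that survives:
Passface E; Déjà vu D; Triangle M; Movable frame D; Picture Password M; Proposed system D; WIW D; Story E; CHC D; Image Pass E; S-Passface M; DAS M; PASSDOODLE M; SYUKRI E; Blonder M; PassPoints D; CCP D; PCCP D]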
REFERENCES
[1] https://www.digitalinformationworld.com/2019/12/new-password-study-finds-78-of-people-had-to-reset-a-password-they-forgot-in-past-90-days.html
[2] https://press.avast.com/83-of-americans-are-using-weak-passwords
[3] https://www.vox.com/the-highlight/22716264/memory-science-memorability
[4] Ali Mohamed Eljetlawi; Norafida Ithnin - Graphical Password: Prototype Usability
Survey - 2008 International Conference on Advanced Computer Theory and Engineering
[5] Liew Tze Hui; Housam Khalifa Bashier; Lau Siong Hoe; Goh Kah Ong Michael; Wee
Kouk Kwee - Conceptual framework for high-end graphical password - 2014 2nd
International Conference on Information and Communication Technology (ICoICT)
[6] https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/?sh=730bcd146b61
[7] Jaffar Abduljalil Jaffar; Ahmed M. Zeki - Evaluation of Graphical Password Schemes in
Terms of Attack Resistance and Usability - 2020 International Conference on Innovation and
Intelligence for Informatics, Computing and Technologies (3ICT)
[8] Gi-Chul Yang - PassPositions: A Secure and User-Friendly Graphical Password Scheme –
2017 4th International Conference on Computer Applications and Information Processing
Technology (CAIPT)
[9] Khazima Irfan, Agha Anas, Sidra Malik, Saneeha Amir - Text based Graphical Password
System to Obscure Shoulder Surfing - 2018 15th International Bhurban Conference on
Applied Sciences and Technology (IBCAST)
[10] Ali Mohamed Eljetlawi; Norafida Ithnin - Graphical Password: Comprehensive Study of
the Usability Features of the Recognition Base Graphical Password Methods - 2008 Third
International Conference on Convergence and Hybrid Information Technology
[11] M. Arun Prakash; T.R. Gokul - Network security-overcome password hacking through
graphical password authentication - 2011 National Conference on Innovations in Emerging
Technology