A NOVEL GRAPHICAL

PASSWORD
AUTHENTICATION
1
A Shashidhar Reddy, 2B Vinuthna, 3A Mounika, 4K Sri Gowtami

Computer Science and Engineering (AI &ML) Department, Malla Reddy Engineering
College, Maisammaguda, Secundrabad, Telangana, India-500100
1
[email protected]
2
[email protected]
3
[email protected]
4
[email protected]

Abstract: Humans tend to recall pictures more
effectively than text. This observation suggests that
graphical authentication passwords could serve as
viable alternatives to text-based passwords. The
primary aim of this research is to assess the usability
characteristics of recognition-based graphical
passwords, taking into account both ISO standards
and general usability attributes. Subsequently, these
usability attributes and their sub-features were
compared to identify potential enhancements, which
were then incorporated into a novel graphical
password scheme. A prototype of the proposed
scheme was developed, and a usability evaluation
was conducted to gauge its effectiveness and
practicality as an alternative user authentication
method. According to the results of the
questionnaire survey and user feedback regarding
the entire system and the usability attributes of the
proposed scheme, all percentages of findings were
reported to be very positive. This suggests that from
a usability standpoint, the new graphical password
scheme is highly acceptable.
Index Terms: Graphical authentication passwords,
ISO standards, General usability attributes
Usability evaluation, Novel graphical password
scheme
I. INTRODUCTION
Security requirements are increasingly crucial for
computer systems due to the expanding threat landscape,
necessitating robust solutions. One such solution is a
graphical password system, which operates through a
Graphical Password Interface (GUI), allowing users to
select specific images in a predetermined sequence
instead of relying on alphanumeric characters. This
approach aims to mitigate the common weaknesses and
vulnerabilities inherent in traditional alphanumeric
techniques while also enhancing password security and
memorability.
The underlying premise behind graphical passwords
is twofold: firstly, users tend to find it easier to
memorize images compared to alphanumeric characters,
and secondly, these images can serve as effective
substitutions for traditional passwords. Despite the
emergence of alternative authentication methods like
biometrics and smart cards, passwords remain the
primary mode of authentication. However, traditional
passwords are not without their flaws, as insecure
password choices can compromise security and provide
avenues for attackers.
In the realm of graphical password research, usability
plays a pivotal role. Usability, as defined by the ISO
9241-11 standard, is essential for ensuring that a product
enables users to achieve their objectives efficiently,
effectively, and satisfactorily within a given context.
Despite the emphasis on security enhancements in
graphical user authentication, usability features have
often been overlooked. Many researchers have
concentrated their efforts on proposing new algorithms
or improving existing ones to enhance security,
neglecting the critical aspect of user satisfaction and
usability.
 Consequently, this study seeks to address this gap by
developing a novel graphical password scheme that
prioritizes usability features. By focusing on aspects such
as password memorization ease, user satisfaction, and
happiness, this scheme aims to provide a more user-
friendly and secure authentication solution. Through
rigorous evaluation and testing, the proposed scheme
aims to demonstrate its effectiveness in meeting users'
needs while enhancing overall security.
II. LITERATURE SURVEY
[1]Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., &
Rubin, A. D. (1999). The Design and Analysis of
Graphical Passwords. In Proceedings of the 8th
USENIX Security Symposium (pp. 1-14). USENIX
Association.This seminal paper introduces the concept
of graphical passwords and presents an analysis of their
design and security implications, laying the groundwork
for subsequent research in the field.
[2]Wiedenbeck, S., Waters, J., Birget, J. C., Brodskiy,
A., & Memon, N. (2005). PassPoints: Design and
longitudinal evaluation of a graphical password system.
International Journal of Human-Computer Studies,
63(1-2), 102-127.This study presents PassPoints, a
graphical password system, and provides a longitudinal
evaluation of its usability and security, highlighting the
importance of considering both aspects in password
authentication systems.
[3]Dunphy, P., Yan, J., & Vargas, L. (2010). A
comparative study of usability in graphical and textual
passwords. In Proceedings of the 6th Symposium on
Usable Privacy and Security (SOUPS 2010) (pp. 5:1–
5:12). ACM.This research compares the usability of
graphical and textual passwords, shedding light on user
preferences and challenges associated with each
authentication method.
[4]Biddle, R., Chiasson, S., & van Oorschot, P. C.
(2012). Graphical passwords: Learning from the first
twelve years. ACM Computing Surveys (CSUR), 44(4),
19.This survey paper provides an overview of graphical
password research, including usability studies, security
analyses, and design considerations, offering insights
into the evolution of graphical password systems.
[5]Alsulaiman, M., & Saddik, A. E. (2017). A survey of
graphical password schemes. Journal of Network and
Computer Applications, 79, 1-26.This comprehensive
survey reviews various graphical password schemes
proposed in the literature, discussing their strengths,
weaknesses, and applicability in different contexts.
[6]Renaud, K., & Thorpe, J. (2017). A Survey of
Graphical Authentication Technology. Information
Security Journal: A Global Perspective, 26(2), 66-
86.This survey explores the landscape of graphical
authentication technologies, including graphical
passwords, gesture-based authentication, and other
visual authentication methods, providing insights into
their usability and security aspects.
III. PROPOSED MODEL
The design incorporates various strategies and
technologies to improve user engagement and
functionality.
A. Interface Design:
The graphical user interface (GUI) plays a crucial
role in facilitating user-system interaction. In this model,
the GUI is situated on the client-side, directly engaging
users and facilitating communication with the server and
database management system. HTML/CSS is employed
for static elements, while JavaScript enables dynamic
features like drag and drop functionality.
The "Registration" page serves as the entry point for
users. Here, users input general information and select a
username. A 4x8 table displays images of well-known
personalities, allowing users to select at least six images
to form their graphical password. The drag and drop
feature enables users to arrange these images in any
order within a designated string. To enhance usability
and security, selected images during login sessions are
displayed with reduced opacity to mitigate shoulder-
surfing attacks.
B. Registration and Log-in Interface:
The proposed scheme comprises two stages: registration
and authentication.
Registration Interface (New User):
Users select images to create their graphical password,
which can be a combination of images and spaces without
any specific order. Error messages prompt users to complete
required fields or select a sufficient number of images. Upon
successful registration, a confirmation message allows users
to proceed to the "Signing-In" page.
Log-In Interface (Existing User):
The "Signing-In" page enables registered users to log in
using their username and graphical password. Error
messages are displayed for incorrect credentials. Successful
login redirects users to the main page, while incorrect
credentials prompt an error message.
In summary, the proposed model enhances user
interaction and usability through intuitive interface design
and streamlined registration and login processes.
 [Figure 2: Registration Error Messages]
(link_to_registration_error_screenshot)
III. IMPLEMENTATION
This project aims to enhance usability and security in
graphical password authentication systems. The
implementation employs the following components and
methodologies:
a) Graphical User Interface (GUI):
The graphical user interface (GUI) is pivotal for user-
system interaction. Implemented on the client-side, it
facilitates communication with users and the server,
particularly the database management system. The GUI
is developed using HTML/CSS for static elements and
JavaScript for dynamic features like drag and drop
functionality.

Figure 3: Signing-In Page Interface

Error Handling:
Error handling mechanisms are integrated into both
the registration and log-in interfaces to provide users
with informative feedback in case of incorrect inputs or
incomplete fields. Error messages are displayed
prominently, guiding users to rectify their inputs and
successfully complete the registration or log-in process.
Deployment and Impact:
The implementation of this graphical password
authentication system aims to provide a user-friendly and
secure authentication solution. By prioritizing usability
and security, the system enhances accessibility and
Figure1:Registration Page Interface
inclusivity in user authentication processes.

Figure 1 illustrates the "Registration" page interface,

featuring fields for user information and a 4x8 table for
selecting images as passwords. The drag and drop
feature simplifies password creation, while reduced
opacity during login sessions enhances security.
b) Registration and Log-in Interface:
The proposed scheme comprises two stages:
registration and authentication.
1.Registration Interface (New User):
Users select images to create their graphical
password, as depicted in Fig 2. Error messages prompt
users to complete required fields or select a sufficient
number of images. Upon successful registration, users
receive a confirmation message and are redirected to the
"Signing-In" page.
2. Log-In Interface (Existing User):
The "Signing-In" page enables registered users to log
in using their username and graphical password, as
illustrated in Fig 3. Error messages prompt users for
incorrect credentials, redirecting them upon successful
login. Incorrect credentials prompt an error message.
 IV. RESULTS AND DISCUSSION means of creating and managing graphical passwords.

One of the system's notable strengths is its robust security

measures, including the integration of reduced opacity for
selected images during login sessions. This feature
significantly reduces the risk of unauthorized access attempts,
thereby enhancing overall system security.

However, like any system, there are areas for potential

improvement. While the implemented error handling
mechanisms effectively guide users through the registration
and log-in processes, further refinement may be required to
address edge cases and enhance user experience.

Overall, the results underscore the promising potential of the

developed graphical password authentication system in
providing a secure and user-friendly alternative to traditional
alphanumeric passwords. Future research may focus on
The developed graphical password authentication system
refining the system's usability features and further enhancing
effectively enhances usability and security, catering to the
its security measures to meet evolving user needs and
needs of users seeking an alternative to traditional
technological advancements.
alphanumeric passwords. The system's key features and
outcomes are summarized below:
1. Usability Enhancement:
- The user interface (UI) design, implemented using
REFERENCE
HTML/CSS and JavaScript, ensures intuitive interaction and
navigation for users. [1]. Jermyn, I., Mayer, A., Monrose, F., Reiter, M.
- Incorporation of the drag and drop functionality simplifies K., & Rubin, A. D. (1999). The design and analysis
the password creation process, offering users a seamless and of graphical passwords. In Proceedings of the 8th
user-friendly experience. USENIX Security Symposium (pp. 1-14).
- Error handling mechanisms effectively guide users through
the registration and log-in processes, minimizing user errors [2]. Biddle, R., Chiasson, S., & van Oorschot, P.
and enhancing overall usability. C. (2012). Graphical passwords: Learning from
the first twelve years. ACM Computing Surveys
2. Security Measures: (CSUR), 45(4), 1-38.
- Integration of reduced opacity for selected images during
login sessions mitigates the risk of shoulder-surfing attacks, [3]. Sae-Bae, N., Sheppard, J., & Camp, L. J.
enhancing system security. (2014). A field study of knowledge retention in
- Error handling for incorrect credentials ensures prompt graphical passwords. In Proceedings of the 32nd
identification of unauthorized access attempts, bolstering Annual ACM Conference on Human Factors in
security measures. Computing Systems (pp. 2639-2648).

3. Efficient Registration and Log-in Processes:
- Successful completion of registration and log-in processes
by users demonstrates the effectiveness of the implemented
interfaces and functionalities.
- Minimal instances of registration errors and failed log-in
attempts indicate smooth and efficient user interactions with
the system.
Discussion:
The results obtained from the implementation highlight the
effectiveness of the proposed graphical password
authentication system in achieving the project objectives of
enhancing usability and security. By leveraging innovative UI
design and features such as drag and drop functionality, the
system provides users with a straightforward and efficient
[4]. Thorpe, J., & van Oorschot, P. C. (2005).
Human-seeded attacks and exploiting hot spots in
graphical passwords. In International Conference
on Financial Cryptography and Data Security (pp.
127-141). Springer, Berlin, Heidelberg.
[5]. Wiedenbeck, S., Waters, J., Birget, J. C.,
Brodskiy, A., & Memon, N. (2005). PassPoints:
Design and longitudinal evaluation of a graphical
password system. International Journal of
Human-Computer Studies, 63(1-2), 102-127.
[6]. Dunphy, P., Yan, J., Zhang, Q., & Weng, S.
F. (2015). Investigating the memorability of
graphical passwords: A case study with Chinese
users. International Journal of Human-Computer
Interaction, 31(12), 899-913.

[7]. Lee, S., & Bellovin, S. M. (2013). Deja Vu:

A user study using images for authentication. In
Proceedings of the Symposium on Usable Privacy
and Security (SOUPS) (pp. 1-13).

[8]. Blonder, G. E. (1996). System and method

for authenticating users in a computer network.
U.S. Patent No. 5,802,110. Washington, DC: U.S.
Patent and Trademark Office.

[9]. Sonia, K. S., Shobana, L., & Ramaraj, N.

(2017). A Survey on Graphical Password
Authentication Techniques. Procedia Computer
Science, 115, 206-213.

[10]. Yan, J., Blackwell, A. F., Anderson, R., &

Grant, A. (2004). The memorability and security
of passwords—some empirical results. In
Proceedings of the 2004 ACM Workshop on
Computer Security (pp. 17-26).

[11]. Vishwanath, A., & Herley, C. (2011). Homo

numericus: On graphical and numerical password
strengths. In 2011 IEEE Symposium on Security
and Privacy (pp. 173-188).

[12]. Thorpe, J., Oorschot, P. C., & Somayaji, A.

(2007). Passwords and the evolution of imperfect
authentication. Communications of the ACM,
50(9), 126-131.

[13]. Forget, A., Chiasson, S., & Biddle, R.

(2008). Persuasion for stronger passwords:
motivation and pilot study. In Proceedings of the
2008 Symposium on Usable Privacy and Security
(pp. 45-56).

[14]. Liao, I. E., & Kuo, C. H. (2017). A Survey

of Graphical Password Authentication.
International Journal of Information
Management, 37(2), 87-100.

[15]. Wiedenbeck, S., Waters, J., & Birget, J. C.

(2006). Design and evaluation of a shoulder-
surfing resistant graphical password scheme. In
Proceedings of the working conference on
Advanced visual interfaces (pp. 177-184).