Graphical Password Shuffling
Submitted by:
DASARI DHANA SYAM GANESH
2385351022
Submitted to
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
COLLEGE OF ENGINEERING ADIKAVI NANNAYA UNIVERSITY
RAJAHMAHENDRAVARAM
2024-2025
B.V. RAJUCOLLEGE (AUTONOMOUS)
(Re-Accredited with ‘B++’ Grade by NAAC)
Department of MCA
Vishnupur :: Bhimavaram
CERTIFICATE
The first person I would like to thank is Dr. I.R. Krishnam Raju, Principal,
Dept. of MCA, for his support and valuable suggestions for the successful completion
of this project.
DECLARATION
1. INTRODUCTION 1-2
1.1 About the Project
1.2 Purpose
1.3 Scope
1.4 Motivation
2. LITERATURE SURVEY 3-4
6. SCREENS 24-33
6.1 Screenshots
9. BIBLIOGRAPHY 38-40
9.1 Books
9.2 References
LIST OF FIGURES
1.2 Purpose
The primary purpose of this project is to design and implement a simple, secure, and
user-friendly graphical password authentication system that addresses the limitations of
traditional text-based passwords. While alphanumeric passwords are widely used, they
often suffer from poor memorability, predictable patterns, and vulnerability to security
threats such as brute-force attacks and social engineering.
1.3 Scope
The scope of this project includes the design, development, and evaluation of a
simple graphical password authentication system intended to enhance both security and
user experience in authentication processes. The system focuses on using visual
elements—such as images, patterns, or click-points—as a replacement for traditional
text-based passwords.
1.4 Motivation
The motivation behind this project stems from the increasing need for secure yet
user-friendly authentication systems in today’s digital world. Traditional alphanumeric
passwords, while widely used, present several challenges:
Users often create weak or predictable passwords for ease of memorization.
Forgotten passwords are common, leading to frequent resets and poor user experience.
These passwords are vulnerable to various attacks, including brute-force, dictionary
attacks, and phishing.
As systems become more secure, the usability of security measures often declines,
creating a trade-off between convenience and protection.
With the widespread use of smartphones, touch interfaces, and visual content, graphical
passwords provide a natural and intuitive way for users to interact with authentication
systems. Humans tend to remember visual information (like faces, places, or patterns)
better and longer than text, making graphical passwords a promising solution.
This project is driven by the desire to:
Reduce user frustration by offering a more memorable alternative to traditional
passwords.
Enhance security through less predictable, image-based authentication methods.
Explore innovative interfaces that align with modern user behavior and technology
trends.
Support ongoing research in the field of usable security and alternative authentication
mechanisms.
2. LITERATURE SURVEY
1. Passfaces – Recognition-Based Authentication
Authors: Real User Corporation; Brostoff, S. and Sasse, M.A. (2000)
Overview:
Passfaces is a recognition-based graphical password system where users select a set of
human faces from a larger group. Studies by Brostoff and Sasse highlighted its usability,
demonstrating that users could remember image-based passwords more reliably than
alphanumeric ones.
2. Déjà Vu – Random Art-Based Authentication
Authors: Rachna Dhamija and Adrian Perrig (2000)
Overview:
Déjà Vu uses abstract images generated algorithmically. Users must recognize pre-
selected images from decoys during authentication. It demonstrates the effectiveness of
image recognition over recall.
3. Draw-a-Secret (DAS) – Recall-Based Scheme
Authors: Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D.
Rubin (1999)
Overview:
In the DAS system, users draw a simple picture on a grid. The system stores the
sequence of grid cells traversed. Though innovative, it raised concerns regarding
usability and memorability over time.
4. PassPoints – Click-Based Passwords
Authors: Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and
Nasir Memon (2005)
Overview:
PassPoints requires users to click on specific points in an image in a particular order. It
leverages the user's ability to recall specific image details, showing improved
memorability but also highlighting vulnerabilities to shoulder-surfing and hotspot
attacks.
5. Story-Based Passwords – Combining Recognition with Narrative
Authors: Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, and P.C. van
Oorschot (2009)
Overview:
This method allows users to create a sequence of images forming a story, enhancing
memory through associations. It blends both recognition and recall techniques,
improving user retention and password strength.
6. Cued Click Points (CCP) – Enhanced Click-Based Scheme
Authors: Sonia Chiasson, Alain Forget, Robert Biddle, and P.C. van Oorschot (2007)
Overview:
CCP builds upon PassPoints by showing a different image for each click point, with the
next image determined by the previous click. This gives the legitimate user implicit
feedback (a wrong click leads to an unfamiliar image) and spreads click points across
many images, which reduces but does not remove hotspot clustering; the later Persuasive
Cued Click-Points variant (reference 8 in the bibliography) addresses hotspots directly
by steering users toward less predictable points.
7. Hybrid Approaches and Biometric Integration
Authors: Jansen, W.A., and Ayers, R. (2004)
Overview:
They explored combining graphical passwords with biometrics (fingerprints, face
detection) to increase security. This hybrid approach targets high-security systems where
usability must not compromise protection.
3. SYSTEM ANALYSIS
Existing graphical password authentication systems fall into three main categories:
recognition-based, recall-based, and cued-recall methods. Recognition-based systems
require users to select pre-chosen images from a set, while recall-based systems involve
drawing a pattern or clicking on specific areas of an image. Cued-recall methods provide
hints or partial images to aid memory recall. Despite their advantages in usability and
security, these systems can be vulnerable to shoulder surfing, smudge attacks, and
pattern predictability, especially in public or shared environments.
Complexity in Implementation.
3.2.1 PROPOSED SYSTEM
A Web-Based Graphical Password Authentication System is a login mechanism that replaces
the typed secret of traditional password authentication with images, patterns, and other
visual elements. Text-based passwords are often weak because users choose guessable
strings and because keyloggers capture exactly what is typed; graphical passwords instead
rely on the human ability to recognise and recall images. They are not immune to guessing:
the space an attacker must search is set by the number of images and the length of the
selection, and user choice (popular images, hotspots) shrinks it further, so the scheme
still needs rate limiting and a well-chosen image set. The proposed system allows users to
select or draw a sequence of images, shapes, or patterns during registration, which is
then used for authentication. This approach aims to improve both security and user
experience, particularly for individuals who struggle with alphanumeric passwords.
The core functionality of the system includes user registration, authentication, and
password recovery. During registration, users either select predefined images in a
specific order or draw a pattern on an interactive grid. The resulting sequence is stored
as a salted hash (e.g., bcrypt) rather than in recoverable form, so a database compromise
does not directly expose the secret. During login, users must replicate their chosen
pattern or selection sequence to gain access. The system shuffles the image positions and
randomises the grid layout on every login attempt (the "shuffling" of the project title).
This defeats smudge attacks and replay of recorded click coordinates, because the
positions of the chosen images differ on each attempt; it does not by itself stop an
observer who can see both the grid and the clicks, so shoulder-surfing resistance still
depends on limiting what a bystander can see.
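The registration and login flow described above, written out as an added example in Python (the project's own code is JSP; this is not taken from it). It assumes a pool of 16 image IDs shown as a 4x4 grid, an ordered pick of four images, PBKDF2-HMAC-SHA256 as the slow hash and a five-attempt lockout; all of these are choices made for the example, not values given in the report. The shuffled grid is generated server-side and kept in the session, the client submits only the clicked cell positions, and the server maps them back to image IDs before hashing. Hashing the image IDs, never the positions, is what lets the grid change on every attempt.

```python
"""Server side of a shuffled image-grid login (added example, not the project's JSP code).

Assumptions for the example: 16 image IDs shown as a 4x4 grid, an ordered pick of
4 images, PBKDF2-HMAC-SHA256 as the slow hash, and a 5-attempt lockout.
"""
import hashlib
import hmac
import math
import secrets

IMAGE_POOL = [f"img{i:02d}" for i in range(1, 17)]  # constructed image IDs for the example
SEQUENCE_LENGTH = 4
MAX_FAILED_ATTEMPTS = 5
PBKDF2_ROUNDS = 100_000


def _digest(image_ids, salt):
    # Hash the image IDs in order, never the grid positions: positions change on every login.
    material = "|".join(image_ids).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ROUNDS)


def register(image_ids):
    """Build the stored credential record for an ordered selection of distinct images."""
    if len(image_ids) != SEQUENCE_LENGTH or len(set(image_ids)) != SEQUENCE_LENGTH:
        raise ValueError(f"choose exactly {SEQUENCE_LENGTH} distinct images")
    if any(img not in IMAGE_POOL for img in image_ids):
        raise ValueError("unknown image id")
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _digest(image_ids, salt), "failed": 0}


def new_login_grid():
    """Fresh permutation for one login attempt. The server keeps it in the session;
    a grid supplied by the client would let an attacker replay recorded positions."""
    grid = list(IMAGE_POOL)
    secrets.SystemRandom().shuffle(grid)
    return grid


def verify(record, grid, positions):
    """Map the clicked cells back to image IDs via the session grid, then compare hashes."""
    if record["failed"] >= MAX_FAILED_ATTEMPTS:
        return False  # locked: even the right answer is refused until the lock is cleared
    valid = (
        len(positions) == SEQUENCE_LENGTH
        and all(isinstance(p, int) and 0 <= p < len(grid) for p in positions)
    )
    if not valid:
        record["failed"] += 1
        return False
    chosen = [grid[p] for p in positions]
    ok = hmac.compare_digest(_digest(chosen, record["salt"]), record["hash"])
    record["failed"] = 0 if ok else record["failed"] + 1
    return ok


def password_space(n_images=len(IMAGE_POOL), k=SEQUENCE_LENGTH):
    """Number of ordered k-image selections from n images: the whole online guessing space."""
    return math.perm(n_images, k)


if __name__ == "__main__":
    secret = ["img03", "img11", "img07", "img16"]
    record = register(secret)
    grid = new_login_grid()
    clicks = [grid.index(img) for img in secret]  # the user finds their images on this grid
    print("login ok:", verify(record, grid, clicks))
    print("same clicks on a rotated grid:", verify(record, grid[1:] + grid[:1], clicks))
    print("ordered selections to search:", password_space())
```

With 16 images and four ordered picks, password_space() is 16 x 15 x 14 x 13 = 43,680 sequences, far fewer than a modest typed password offers; without the lockout (or equivalent rate limiting) an online guesser would exhaust it in minutes, which is why the counter is part of the credential record rather than an afterthought.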
Lastly, the system offers versatility and adaptability across different platforms and
devices. It can be integrated with touchscreens, mobile devices, and web applications,
providing a seamless authentication experience across multiple environments. This
adaptability makes it an ideal solution for modern applications where users interact with
various devices. Additionally, the system can incorporate multi-factor authentication
(MFA) by combining graphical passwords with biometric verification or one-time
codes, further enhancing security. With its strong security foundation and user-friendly
design, the proposed graphical password authentication system presents a robust
alternative to traditional authentication methods in web-based applications.
3.3.1 FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase, and a business proposal is put
forth with a very general plan for the project and some cost estimates. During system
analysis the feasibility study of the proposed system is carried out, to ensure that the
proposed system is not a burden to the organization. For feasibility analysis, some
understanding of the major requirements for the system is essential.
ECONOMICAL FEASIBILITY
TECHNICAL FEASIBILITY
SOCIAL FEASIBILITY
This study is carried out to check the economic impact that the system will have
on the organization. The funds that the organization can put into the research and
development of the system are limited, so the expenditure must be justified. The
developed system is well within budget because most of the technologies used are
freely available; only the customized products had to be purchased.
This study is carried out to check the technical feasibility, that is, the
technical requirements of the system. A system must not place a high demand on the
available technical resources, since that would in turn place high demands on the client.
The developed system has modest requirements, as only minimal or no changes are
needed to implement it.
This aspect of the study checks the level of acceptance of the system by the user.
It includes the process of training the user to use the system efficiently. The user must
not feel threatened by the system but should accept it as a necessity. The level of
acceptance depends on the methods employed to educate users about the system and to
make them familiar with it. Their confidence must be raised so that they can also offer
constructive criticism, which is welcome, as they are the final users of the system.
Performance:
The system’s performance depends on image delivery and user interaction speed.
Simple graphical passwords require little computational overhead, so authentication is
fast provided images are rendered efficiently and database lookups are quick; the one
deliberately slow step is the key-stretched hash check on the server, which is the same
cost a bcrypt-protected text password carries. No specific performance metrics are
provided.
Modifiability:
The system’s simplicity suggests a modular design (e.g., image selection, user input
handling), making it relatively easy to modify features such as adding new image sets or
altering authentication rules. However, the architecture is not detailed in this report,
so the scalability of such modifications is unclear.
Portability:
The report does not specify target platforms, but a graphical system could be portable
across devices with displays (e.g., PCs, smartphones). Portability may be constrained by
dependencies on specific graphical libraries or input methods, which are not documented.
Reliability:
Reliability hinges on accurate image recognition by the user and on input validation. A
simple system has fewer points of failure, but the report does not address error handling
or fault tolerance, such as misclicks or system crashes.
Usability:
The system is designed to be user-friendly, leveraging human memory for pictures
over text, which improves recall and ease of use. Operation is intended to be intuitive
(e.g., selecting images), but accessibility and the learning curve for diverse users are
not discussed.
4. SYSTEM DESIGN
4.1.1 System Architecture
(architecture figure not reproduced)
MODULES DESCRIPTION:
User:
In the web-based graphical password authentication system, users are central to both its
functionality and evaluation. They create graphical passwords by selecting images,
clicking points, or performing gestures, choosing memorable yet secure elements to
define their credentials. During authentication, users accurately recall and reproduce
these passwords, leveraging visual memory for secure and user-friendly access. By
navigating the intuitive web-based interface across devices, they ensure seamless
interaction without specialized hardware. Users also participate in system testing,
providing critical feedback on usability and memorability that validates the system’s
effectiveness and drives refinements. Through real-world adoption in secure
applications, users demonstrate the system’s practicality, directly influencing its success
in mitigating threats like phishing and brute-force attacks while maintaining
accessibility.
Admin:
In the web-based graphical password authentication system, the admin plays a critical
role in ensuring security, functionality, and usability. They manage the image database,
configure system parameters like click-point tolerances, and implement encryption (e.g.,
AES-256) and secure protocols (e.g., HTTPS with TLS 1.3). The admin oversees user
registration, account recovery, and access control, while monitoring for threats like
brute-force attacks. They maintain the web platform, perform software updates, and
ensure compatibility across devices. Additionally, the admin supports users through
tutorials and feedback integration, monitors performance, and conducts security
evaluations, aligning with the system’s goals of enhanced security and accessibility.
Data Preprocessing:
The web-based graphical password authentication system processes data by capturing
user inputs (image selections, click points, or gestures) through a JavaScript-driven
interface. During registration, inputs are normalised (e.g., scaling click coordinates to
a canonical image size), validated for strength, and stored in a database such as MySQL
as a salted, slow hash (e.g., bcrypt). Reversible encryption (e.g., AES-256) is not a
substitute for hashing: anyone holding the server's key can recover every credential, so
encryption belongs to data in transit and to backups, not to the stored secret itself.
Authentication captures the input in real time, normalises it the same way and compares
it against the stored credential. A tolerance comparison such as Euclidean distance for
click points or Dynamic Time Warping for gestures needs the original input in recoverable
form, which conflicts with hashing; the usual resolution for click points is to
discretise them into grid cells at registration and hash the cell indices, so that login
clicks within the tolerance map to the same cells. HTTPS protects the transmission.
Images are compressed and cached for efficiency, and session tokens (e.g., JWT) protect
access after login. User testing data is anonymised and analysed for metrics such as
success rate, balancing security, usability and scalability.
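Click-point handling as described in this module, as an added example in Python (not the project's JSP code): clicks are scaled to a canonical image size, each point is discretised with a centred grid so that any click within the tolerance falls into the same cell, the per-point grid offsets are stored next to a salted PBKDF2 hash of the cell sequence, and verification never needs the raw coordinates. The 800x600 canonical size, the 10-pixel tolerance and the PBKDF2 parameters are assumptions made for the example. Two caveats a practitioner should keep in mind: the accepted region is a square of +/-10 pixels per axis rather than the Euclidean disc mentioned in the text, and the offsets are not secret (they reveal each coordinate modulo the cell size), which is one more reason the hash must be key-stretched.

```python
"""Click-point credential handling (added example, not the project's JSP code).

Assumptions: clicks are scaled to an 800x600 canonical image, a click is accepted if it
lies within +/-10 canonical pixels per axis of the registered point, and PBKDF2-HMAC-SHA256
is the slow hash. Raw coordinates are never stored; only public grid offsets and a hash.
"""
import hashlib
import hmac
import secrets

CANONICAL = (800, 600)  # assumed canonical image size the stored credential refers to
TOLERANCE = 10          # assumed accepted deviation per axis, in canonical pixels
CELL = 2 * TOLERANCE
PBKDF2_ROUNDS = 100_000


def normalise(point, displayed_size):
    """Scale a click from the displayed image size to canonical coordinates."""
    x, y = point
    dw, dh = displayed_size
    cw, ch = CANONICAL
    return (round(x * cw / dw), round(y * ch / dh))


def _offset(v):
    # Centred discretisation: choose the grid phase that puts v at the centre of its cell,
    # so every value within +/-TOLERANCE of v lands in the same cell at login time.
    return (v - TOLERANCE) % CELL


def _cell(v, offset):
    return (v - offset) // CELL


def _cells(canonical_points, offsets):
    return [(_cell(x, ox), _cell(y, oy)) for (x, y), (ox, oy) in zip(canonical_points, offsets)]


def _digest(cells, salt):
    material = ",".join(f"{cx}:{cy}" for cx, cy in cells).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ROUNDS)


def register(points, displayed_size):
    """Store per-point grid offsets (not secret) and a salted hash of the cell sequence."""
    canon = [normalise(p, displayed_size) for p in points]
    offsets = [(_offset(x), _offset(y)) for x, y in canon]
    salt = secrets.token_bytes(16)
    return {"offsets": offsets, "salt": salt, "hash": _digest(_cells(canon, offsets), salt)}


def verify(record, points, displayed_size):
    """Re-discretise the login clicks with the stored offsets and compare hashes in constant time."""
    if len(points) != len(record["offsets"]):
        return False
    canon = [normalise(p, displayed_size) for p in points]
    expected = _digest(_cells(canon, record["offsets"]), record["salt"])
    return hmac.compare_digest(expected, record["hash"])


if __name__ == "__main__":
    # Constructed sample: three click points registered on an image displayed at full size.
    record = register([(100, 200), (400, 300), (650, 120)], (800, 600))
    print("exact clicks:", verify(record, [(100, 200), (400, 300), (650, 120)], (800, 600)))
    print("9 px off:", verify(record, [(109, 200), (400, 300), (650, 120)], (800, 600)))
    print("10 px off:", verify(record, [(110, 200), (400, 300), (650, 120)], (800, 600)))
    print("half-size display:", verify(record, [(50, 100), (200, 150), (325, 60)], (400, 300)))
```

Because the offsets place each registered point at the centre of its cell, a login click up to 9 pixels away on either axis still hashes to the same value, while a click 10 pixels away crosses into the next cell and fails; ordering matters too, since the offsets are applied per position.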
4.3 UML DIAGRAMS
4.2.1 Use Case Diagram
Use case diagram (figure not reproduced). USER: login, reset password, logout.
ADMIN: login, view registered user details, logout.
4.2.2 Class Diagram
In software engineering, a class diagram in the Unified Modeling Language (UML)
is a type of static structure diagram that describes the structure of a system by
showing the system's classes, their attributes, operations (or methods), and the
relationships among the classes. It explains which class contains information.
Class diagram (figure not reproduced); the two classes and their members are:
admin: attributes username, password; operations login(), view registered user details(), logout()
user: attributes username, password, contact no, email, address; operations login(), reset password(), logout()
4.2.3 Sequence Diagram
A sequence diagram in Unified Modeling Language (UML) is a kind of
interaction diagram that shows how processes operate with one another and in
what order. It is a construct of a Message Sequence Chart. Sequence diagrams
are sometimes called event diagrams, event scenarios, and timing diagrams.
Sequence diagram (figure not reproduced). The messages shown, in order, are: login,
logout, login, reset password, logout (actor labels were not recovered from the figure).
4.2.4 Collaborative Diagram:
A collaboration diagram groups together the interactions between different objects.
The interactions are listed as numbered interactions that help to trace the sequence of
the interactions. The collaboration diagram helps to identify all the possible int
Collaboration diagram (figure not reproduced). Admin to Database: 1: login,
2: view registered user details, 3: logout. User to Database: 4: login,
5: reset password, 6: logout.
4.2.5 Flowchart Diagram
4.4 INPUT AND OUTPUT DESIGN
Input Design
At this stage a choice has to be made about the input media. To decide on the input
media, consideration has to be given to:
Type of input
Flexibility of format
Speed
Accuracy
Verification methods
Rejection rates
Ease of correction
Storage and handling requirements
Security
Easy to use
Portability
Keeping in view the above description of the input types and input media, it can be said
that most of the inputs are internal and interactive. As input data is keyed in directly
by the user, the keyboard, together with the mouse or touch screen for selecting images
and click points, can be considered the most suitable input device.
Output Design
Outputs from computer systems are required primarily to communicate the results of
processing to users. They are also used to provide a permanent copy of the results for
later consultation. The various types of outputs in general are:
External outputs, whose destination is outside the organization.
Internal outputs, whose destination is within the organization and which are the
user’s main interface with the computer.
Operational outputs, whose use is purely within the computer department.
Interface outputs, which involve the user in communicating directly
5. SYSTEM IMPLEMENTATION
5.1 Front End Tool:
HTML, CSS, and JavaScript are the foundational technologies for creating websites and
web applications. HTML (HyperText Markup Language) structures the content on the
web—defining elements like headings, paragraphs, images, and links. CSS (Cascading
Style Sheets) controls the presentation, allowing developers to style elements with
colors, fonts, layouts, and animations to enhance visual appeal. JavaScript adds
interactivity and dynamic behavior, enabling features like form validation, content
updates without reloading, and complex animations. Together, they form the core trio
that powers everything from simple webpages to complex, interactive web apps.
SOURCE CODE:
Admin view
<!--
Name : Swarming
Description: A two-column, fixed-width design with dark color scheme.
Version : 1.0
Released : 20131201
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Graphical Password Suffleling</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:200,300,400,600,700,900" rel="stylesheet" />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />
<link href="fonts.css" rel="stylesheet" type="text/css" media="all" />
</head>
<body>
<div id="logo">
<h1><a href="#" class="icon icon-group"><span>Graphical Password
Suffleling</span></a></h1>
</div>
<div id="header">
<div id="menu" class="container">
<ul>
<li><a href="index.html" accesskey="1" title="">Homepage</a></li>
<li><a href="login.jsp" accesskey="1" title="">Login</a></li>
<li><a href="register.jsp" accesskey="2" title="">Register</a></li>
<li class="current_page_item"><a href="Admin.jsp" accesskey="2"
title="">Admin</a></li>
</ul>
</div>
</div>
<div id="page-wrapper">
<div id="page" class="container">
<div id="content">
<div class="title">
<h2>Welcome ADMIN login HERE</h2>
<%-- the admin login form (table and form elements) is omitted from this listing --%>
</div>
</div>
<div id="sidebar"><a href="#" class="image image-full"><img
src="images/9976.png" alt="" /></a></div>
</div>
</div>
<div id="featured-wrapper">
<div id="featured" class="container">
</div>
</div>
</body>
</html>
User home view
<!--
Name : Swarming
Description: A two-column, fixed-width design with dark color scheme.
Version : 1.0
Released : 20131201
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Graphical Password Suffleling</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:200,300,400,600,700,900" rel="stylesheet" />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />
<link href="fonts.css" rel="stylesheet" type="text/css" media="all" />
</head>
<body>
<div id="logo">
<h1><a href="#" class="icon icon-group"><span>Graphical Password
Suffleling</span></a></h1>
</div>
<div id="header">
<div id="menu" class="container">
<ul>
<li class="current_page_item"><a href="UHomePage.jsp" accesskey="1" title="">Homepage</a></li>
<li><a href="ViewProfile.jsp" accesskey="1" title="">View Profile</a></li>
<li><a href="AddFounds.jsp" accesskey="1" title="">Add Funds</a></li>
<li><a href="TransferFound.jsp" accesskey="1" title="">Transfer Funds</a></li>
<li><a href="ViewFounds.jsp" accesskey="1" title="">View Funds</a></li>
<%-- Logout only links back to login.jsp; the target must call session.invalidate(),
     otherwise the session (and its "uname"/"id" attributes) remains valid. --%>
<li><a href="login.jsp" accesskey="2" title="">Logout</a></li>
</ul>
</div>
</div>
<div id="page-wrapper">
<div id="page" class="container">
<div id="content">
<div class="title">
<%String uname=(String)session.getAttribute("uname");
String id=(String)session.getAttribute("id");%>
<%-- No login check: if "uname" is null the page still renders ("Welcome null"); redirect to login.jsp instead.
     uname is user-supplied at registration and is written unescaped below; HTML-escape it
     (e.g. JSTL <c:out value="${uname}"/>) to avoid stored XSS. --%>
<h2>Welcome <%=uname%></h2>
</div>
</div>
<div id="sidebar"><a href="#" class="image image-full"><img
src="images/9976.png" alt="" /></a></div>
</div>
</div>
<div id="featured-wrapper">
<div id="featured" class="container">
</div>
</div>
</body>
</html>
6. SCREENS
6.1 Screenshots
The screenshots are not reproduced here; the screens captured are:
USER REGISTRATION SCREEN
ADMIN LOGIN PAGE
USER LOGIN PAGE
USER HOME PAGE
ADMIN DASHBOARD PAGE
ADD FUNDS PAGE
FUNDS TRANSFER PAGE
VIEW FUND DETAILS PAGE
USER VIEW PROFILE PAGE
7. SYSTEM TESTING
The purpose of testing is to discover errors. Testing is the process of trying to
discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, sub-assemblies, assemblies and/or a finished
product. It is the process of exercising software with the intent of ensuring that the
software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test, each addressing a specific
testing requirement.
TYPES OF TESTS
Unit testing
Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly and that program inputs produce valid outputs.
All decision branches and internal code flow should be validated. It is the testing of
individual software units of the application and is done after the completion of an
individual unit, before integration. This is structural testing that relies on knowledge
of the unit's construction and is invasive. Unit tests perform basic tests at component
level and test a specific business process, application, and/or system configuration.
They ensure that each unique path of a business process performs accurately to the
documented specifications and contains clearly defined inputs and expected results.
Integration testing
Integration tests are designed to test integrated software components to
determine if they actually run as one program. Testing is event driven and is more
concerned with the basic outcome of screens or fields. Integration tests demonstrate that
although the components were individually satisfactory, as shown by successful unit
testing, the combination of components is also correct and consistent. Integration
testing is specifically aimed at exposing the problems that arise from the combination
of components.
Functional test
Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, system
documentation, and user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures : interfacing systems or procedures must be invoked.
Organization and preparation of functional tests is focused on requirements, key
functions, or special test cases. In addition, systematic coverage of business process
flows, data fields, predefined processes, and successive processes must be considered
for testing. Before functional testing is complete, additional tests are identified and
the effective value of current tests is determined.
System Test
System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
example of system testing is the configuration oriented system integration test. System
testing is based on process descriptions and flows, emphasizing pre-driven process links
and integration points.
White Box Testing
White box testing is testing in which the software tester has knowledge of the
inner workings, structure and language of the software, or at least its purpose. It is
used to test areas that cannot be reached from a black box level.
Black Box Testing
Black box testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, like most
other kinds of tests, must be written from a definitive source document, such as a
specification or requirements document. The software under test is treated as a black
box: you cannot "see" into it. The test provides inputs and responds to outputs without
considering how the software works.
Unit Testing
Unit testing is usually conducted as part of a combined code and unit test phase
of the software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.
Test strategy and approach
Field testing will be performed manually and functional tests will be written in detail.
Test objectives
All field entries must work properly.
Pages must be activated from the identified link.
The entry screen, messages and responses must not be delayed.
Features to be tested
Verify that the entries are of the correct format
No duplicate entries should be allowed
All links should take the user to the correct page.
Integration Testing
Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by
interface defects.
The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the
company level – interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional
requirements.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
8.CONCLUSION AND FUTURE WORK
8.1 CONCLUSION:
The Web-Based Graphical Password Authentication System offers a user-friendly
alternative to traditional text-based passwords. By leveraging images or patterns
instead of alphanumeric characters, it removes the weak, reused strings that make
brute-force and dictionary attacks against typed passwords effective; its own resistance
to guessing depends on the size of the image set, the length of the selection, how
evenly users choose, and on rate limiting of login attempts. Graphical passwords also
improve memorability, reducing the likelihood of users forgetting their credentials.
Despite its advantages, the system faces challenges such as susceptibility to shoulder
surfing and the need for optimized image selection to prevent predictability.
Implementing additional security measures, such as dynamic image grids, multi-factor
authentication, or randomized image sequences, can further enhance protection. User
experience should also be considered, ensuring that the authentication process remains
intuitive and efficient across various devices and platforms.
In conclusion, a Web-Based Graphical Password Authentication System provides an
innovative approach to secure authentication, balancing security and usability. Future
improvements can focus on refining security mechanisms, integrating AI-driven
anomaly detection, and expanding adaptability for real-world applications. With
continuous development, this authentication method has the potential to replace or
complement traditional password systems, contributing to a safer digital environment.
authentication—where security levels adjust based on user behavior and risk assessment
—can provide personalized security measures based on login patterns and device usage.
Lastly, future work can explore the scalability and cross-platform compatibility of
graphical password authentication. As web applications become more complex, ensuring
seamless authentication across different devices, browsers, and screen resolutions is
essential. Cloud-based implementations and blockchain-backed authentication methods
can enhance data integrity and prevent unauthorized access. Additionally, usability
studies focusing on accessibility for individuals with disabilities will help ensure that
graphical password systems are inclusive and practical for all users.
9. BIBLIOGRAPHY
9.1 Books
1. The Unified Modeling Language User Guide
Written by UML's creators—Grady Booch, James Rumbaugh, and Ivar Jacobson
2. Object-Oriented Software Engineering Using UML, Patterns, and Java
By Bernd Bruegge and Allen Dutoit.
3. Think Python, 2nd Edition
web site references:
Instinctools
OpenXcell
Appello Software
Saigon
Taglogy
9.2 References
1. Blonder, G. (1996). Graphical passwords. Lucent Technologies, Inc.
Blonder introduced one of the earliest concepts of graphical passwords, where users
select predefined regions on an image as their password. This model laid the foundation
for modern graphical password authentication systems, emphasizing the role of images
in security.
2. Wiedenbeck, S., Waters, J., Sobrado, L., & Birget, J.-C. (2005). Design and
evaluation of a shoulder-surfing resistant graphical password scheme. In
Proceedings of the Working Conference on Advanced Visual Interfaces (AVI), pp.
177-184.
This paper discusses the security vulnerabilities of graphical passwords and introduces a
method to resist shoulder-surfing attacks. The study evaluates the usability and security
trade-offs in graphical password authentication.
3. Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., & Rubin, A. D. (1999). The
design and analysis of graphical passwords. In Proceedings of the 8th USENIX
Security Symposium, pp. 1-14.
The authors present various graphical password schemes, such as click-based and draw-
based authentication systems. Their research includes security analysis and the
advantages of graphical passwords over traditional alphanumeric passwords.
4. Dhamija, R., & Perrig, A. (2000). Déjà Vu: A user study using images for
authentication. In Proceedings of the 9th USENIX Security Symposium, pp. 45-58.
The "Déjà Vu" system focuses on authentication using recognition-based image
selection. The study evaluates its security and usability compared to traditional
password-based authentication.
5. Thorpe, J., & van Oorschot, P. C. (2004). Graphical dictionaries and the
memorable space of graphical passwords. In Proceedings of the 13th USENIX
Security Symposium.
This research highlights how graphical passwords are prone to dictionary attacks. The
authors propose methods to increase security while maintaining memorability in user-
selected passwords.
6. Zhao, H., & Li, X. (2007). S3PAS: A Scalable Shoulder-Surfing Resistant
Textual-Graphical Password Authentication Scheme. In Proceedings of the 21st
International Conference on Advanced Information Networking and Applications
(AINA), pp. 467-472.
S3PAS is a hybrid approach combining textual and graphical elements to prevent
shoulder-surfing attacks. The study explores the system’s effectiveness against common
security threats.
7. Biddle, R., Chiasson, S., & van Oorschot, P. C. (2012). Graphical passwords:
Learning from the first twelve years. ACM Computing Surveys, 44(4), 1-41.
This comprehensive survey reviews different graphical password techniques, their
security challenges, and user acceptance over twelve years of research and development.
8. Chiasson, S., Stobert, E., Forget, A., Biddle, R., & van Oorschot, P. C. (2012).
Persuasive cued click-points: Design, implementation, and evaluation of a
knowledge-based authentication mechanism. IEEE Transactions on Dependable
and Secure Computing, 9(2), 222-235.
The authors propose the Persuasive Cued Click-Points (PCCP) technique, which
improves the security of click-based graphical passwords by guiding users toward more
secure choices.
9. Khot, R. A., & Kumaraguru, P. (2013). Shoulder-surfing resistant text-based
authentication schemes. In Proceedings of the 5th ACM Workshop on Security and
Privacy in Smartphones and Mobile Devices (SPSM), pp. 57-68.
10. Kumar, M., Garfinkel, T., Boneh, D., & Winograd, T. (2007). Reducing
shoulder-surfing by using gaze-based password entry. In Proceedings of the 3rd
Symposium on Usable Privacy and Security (SOUPS), pp. 13-19.
The research introduces an innovative gaze-based graphical password system that
utilizes eye-tracking technology to improve security against shoulder-surfing attacks.
These references provide a strong foundation for understanding the development,
security, usability, and future advancements in web-based graphical password
authentication systems.