GRAPHICAL PASSWORD SUFFLELING

The Project Report is submitted in partial fulfillment of the

requirements for the award of the degree of
Master of Computer Applications

Submitted by:
DASARI DHANA SYAM GANESH
2385351022

Under the Esteemed Guidance of

Dr. V .BHASKARA MURTHY
Professor & HOD
Dept. of MCA
B.V. Raju College
Vishnupur::Bhimavaram

Submitted to
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
COLLEGE OF ENGINEERING ADIKAVI NANNAYA UNIVERSITY
RAJAHMAHENDRAVARAM
2024-2025
 B.V. RAJUCOLLEGE (AUTONOMOUS)
(Re-Accredited with ‘B++’ Grade by NAAC)

Department of MCA
Vishnupur :: Bhimavaram

CERTIFICATE

This is to certify that this project entitled “GRAPHICAL PASSWORD

SUFFLELING” submitted in partial fulfillment of the degree of MASTER OF
COMPUTER APPLICATIONS to Adikavi Nannaya University from 7I
TECHNOLOGIES through B.V. Raju College, done by Mr. DASARI
DHANA SYAM GANESH Regd. No. 2385351022 is an authentic work carried
out by him during the Academic Year 2024-2025 at under my guidance. The
matter embodied in this project work has not been submitted earlier for award of
any degree or diploma to the best of my knowledge and belief.

Internal Guide Head of the Department

External Examiner Principal

 ACKNOWLEDGEMENTS
The satisfaction and euphoria that accompany the successful completion of any
task would be incomplete without the mention of people who made it possible, whose
constant guidance and encouragement crowned our efforts with success. It is a pleasant
aspect that I have now the opportunity to express my gratitude for all of them.

The first person I would like to thank Dr. I.R.krishnam Raju, Principal ,

B V Raju College, Bhimavaram. His wide knowledge and logical way of

thinking have made a deep impression on me. His understanding, encouragement and
personal guidance have provided the basis for this thesis. He is a source of inspiration
for innovative ideas and his kind support is well known to all his students and
colleagues.
I wish to thank my guide Dr. V. BHASKARA MURTHY, Professor& HOD,

Dept of MCA for his support and valuable suggestions for the successful completion
of this project.

DASARI DHANA SYAM GANESH

2385351022
 DECLARATION

This is to certify that the project report entitled “GRAPHICAL PASSWORD

SUFFLELING” is done by me is an authentic work carried out for the partial
fulfillment of the requirements for the award of the degree of Master of

Computer Applications under the guidance of Dr. V. BHASKARA

MURTHY, Professor & HOD, Dept of MCA. The matter embodied in this
project work has not been submitted earlier for award of any degree or diploma to
the best of my knowledge and belief.

Signature of the student

DASARI DHANA SYAM GANESH

Reg. No: 2385351022
 INDEX
Chapter Page No.

1. INTRODUCTION 1-2
1.1 About the Project
1.2 Purpose
1.3 Scope
1.4 Motivation
2. LITERATURE SURVEY 3-4

3. SYSTEM ANALYSIS 5-11

3.1.1 Existing System
3.1.2 Disadvantages of Existing System
3.2.1 Proposed System
3.2.2 Advantages of Proposed System
3.3.1 Feasibility Study
3.3.1.1 Economical Feasibility
3.3.1.2 Technical Feasibility
3.3.1.3 Social Feasibility
3.4.System Requirements Specification
3.4.1 Hardware Requirements
3.4.2 Software Requirements
3.4.3 Functional Requirements
3.4.4 Non Functional requirements

4. SYSTEM DESIGN 12-20

4.1 System Architecture Diagram
4.2. Modules in the project
4.3. UML Diagrams
4.3.1 Use case diagram
4.3.2 Class diagram
4.3.3 Sequence diagram
4.3.4 Collaborative Diagram
4.3.5 Flowchart Diagram
4.4 Database Design
 4.5 Input and Output Design
5. SYSTEM IMPLEMENTATION 21-23
5.1 Fron End Tools : Introduction
5.2 Backend Toos: Introduction
5.3. Source code

6. SCREENS 24-33
6.1 Screenshots

7. SYSTEM TESTING 34-36

8. CONCLUSION AND FUTURE WORK 37-38

9. BIBILIOGRAPHY 38-40
9.1 Books
9.2 References
 LIST OF FIGURE

S.No Fig.No Fig. Name Pg.No

1 4.1.1 System Architecture 10
2 4.2.1.1 Use Case Diagram 11
3 4.2.2.1 Class Diagram 12
4 4.2.3.1 Sequence Diagram 13
5 4.2.4.1 Collaborative diagram 14
6 4.2.5.1 Flowchart Diagram 15
7 6.1 Home page Screen 24
8 6.2 User Registration 25

9 6.3 Admin Login page 26

10 6.4 User Login page 27
11 6.5 User Home page 28
12 6.6 Admin Dashboard 29
13 6.7 Add Funds Page 30
14 6.8 Funds Transfer Page 31
15 6.9 View Fund Details 32
16 6.10 User View Profile Page 33
 1. INTRODUCTION

1.1 About This Project

This project presents a simple and user-friendly graphical password authentication
system aimed at enhancing both usability and security in user authentication processes.
Unlike traditional alphanumeric passwords that rely on memorizing complex strings of
characters, this system leverages the human brain's natural ability to recognize and
remember images more easily.
The proposed system is based on the concept of image-based authentication, where
users are required to select a series of images or interact with specific parts of an image
(such as clicking on certain regions or drawing patterns) to create and later recall their
passwords. The primary goal is to reduce password fatigue, improve memorability,
and minimize risks associated with weak or reused passwords.

1.2 Purpose
The primary purpose of this project is to design and implement a simple, secure, and
user-friendly graphical password authentication system that addresses the limitations of
traditional text-based passwords. While alphanumeric passwords are widely used, they
often suffer from poor memorability, predictable patterns, and vulnerability to security
threats such as brute-force attacks and social engineering.

1.3 Scope
The scope of this project includes the design, development, and evaluation of a
simple graphical password authentication system intended to enhance both security and
user experience in authentication processes. The system focuses on using visual
elements—such as images, patterns, or click-points—as a replacement for traditional
text-based passwords.

1.4 Motivation
The motivation behind this project stems from the increasing need for secure yet
user-friendly authentication systems in today’s digital world. Traditional alphanumeric
passwords, while widely used, present several challenges:
Users often create weak or predictable passwords for ease of memorization.
Forgotten passwords are common, leading to frequent resets and poor user experience.

1
These passwords are vulnerable to various attacks, including brute-force, dictionary
attacks, and phishing.
As systems become more secure, the usability of security measures often declines,
creating a trade-off between convenience and protection.
With the widespread use of smartphones, touch interfaces, and visual content, graphical
passwords provide a natural and intuitive way for users to interact with authentication
systems. Humans tend to remember visual information (like faces, places, or patterns)
better and longer than text, making graphical passwords a promising solution.
This project is driven by the desire to:
Reduce user frustration by offering a more memorable alternative to traditional
passwords.
Enhance security through less predictable, image-based authentication methods.
Explore innovative interfaces that align with modern user behavior and technology
trends.
Support ongoing research in the field of usable security and alternative authentication
mechanisms.

2
 2. LITERATURE SURVEY
1. Passfaces – Recognition-Based Authentication
Authors: RealUser Corporation; Brostoff, S. and Sasse, M.A. (2000)
Overview:
Passfaces is a recognition-based graphical password system where users select a set of
human faces from a larger group. Studies by Brostoff and Sasse highlighted its usability,
demonstrating that users could remember image-based passwords more reliably than
alphanumeric ones.
2. Déjà Vu – Random Art-Based Authentication
Authors: Rachna Dhamija and Adrian Perrig (2000)
Overview:
Déjà Vu uses abstract images generated algorithmically. Users must recognize pre-
selected images from decoys during authentication. It demonstrates the effectiveness of
image recognition over recall.
3. Draw-a-Secret (DAS) – Recall-Based Scheme
Authors: Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D.
Rubin (1999)
Overview:
In the DAS system, users draw a simple picture on a grid. The system stores the
sequence of grid cells traversed. Though innovative, it raised concerns regarding
usability and memorability over time.
4. PassPoints – Click-Based Passwords
Authors: Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and
Nasir Memon (2005)
Overview:
PassPoints requires users to click on specific points in an image in a particular order. It
leverages the user's ability to recall specific image details, showing improved
memorability but also highlighting vulnerabilities to shoulder-surfing and hotspot
attacks.
5. Story-Based Passwords – Combining Recognition with Narrative
Authors: Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, and P.C. van
Oorschot (2009)
Overview:
This method allows users to create a sequence of images forming a story, enhancing

3
memory through associations. It blends both recognition and recall techniques,
improving user retention and password strength.
6. Cued Click Points (CCP) – Enhanced Click-Based Scheme
Authors: Sonia Chiasson, Alain Forget, Robert Biddle, and P.C. van Oorschot (2007)
Overview:
CCP builds upon PassPoints by providing a different image for each click point, guided
by the previous click. This reduces predictability and improves security by minimizing
hotspot clustering.
7. Hybrid Approaches and Biometric Integration
Authors: Jansen, W.A., and Ayers, R. (2004)
Overview:
They explored combining graphical passwords with biometrics (fingerprints, face
detection) to increase security. This hybrid approach targets high-security systems where
usability must not compromise protection.

4
 3. SYSTEM ANALYSIS

3.1.1 EXISTING SYSTEM

Traditional password authentication systems primarily rely on alphanumeric passwords,
which are prone to security risks such as brute force attacks, keylogging, and phishing.
Many users struggle to remember complex passwords and often resort to weak, easily
guessable combinations. To counteract this, alternative authentication methods,
including graphical password systems, have been developed. These systems use images,
patterns, or gestures instead of text-based passwords, making them more resistant to
attacks and easier to remember.

Existing graphical password authentication systems fall into three main categories:
recognition-based, recall-based, and cued-recall methods. Recognition-based systems
require users to select pre-chosen images from a set, while recall-based systems involve
drawing a pattern or clicking on specific areas of an image. Cued-recall methods provide
hints or partial images to aid memory recall. Despite their advantages in usability and
security, these systems can be vulnerable to shoulder surfing, smudge attacks, and
pattern predictability, especially in public or shared environments.

Modern web-based graphical password systems integrate additional security measures,

such as randomization of image positions, multi-factor authentication, and encryption
techniques to enhance protection. Some systems also incorporate artificial intelligence
and biometric verification to improve security further. However, challenges remain in
balancing security and usability, as overly complex graphical authentication methods
can reduce user adoption and increase login time. Continuous research and innovation
are necessary to refine these systems and make them more practical for widespread use.

3.1.2 DISADVANTAGES OF EXISTING SYSTEM:

 Shoulder Surfing Vulnerability.

 Complexity in Implementation.

 Storage and Processing Overhead.

5
3.2.1 PROPOSED SYSTEM
A Web-Based Graphical Password Authentication System is a secure login mechanism
that enhances traditional password authentication by incorporating images, patterns, and
visual elements. Unlike text-based passwords, which can be easily guessed or stolen
through keylogging and brute-force attacks, graphical passwords leverage human
memory’s ability to recall images more efficiently. The proposed system allows users to
select or draw a sequence of images, shapes, or patterns during the registration process,
which will then be used for authentication. This approach enhances security while
improving user experience, particularly for individuals who struggle with alphanumeric
passwords.

The core functionality of the system includes user registration, authentication, and
password recovery. During registration, users will either select predefined images in a
specific order or draw a pattern on an interactive grid. This information is securely
stored using cryptographic techniques to prevent unauthorized access. During login,
users must replicate their chosen pattern or selection sequence to gain access. The
system will implement anti-shoulder surfing techniques, such as dynamic image
positioning and randomized grid layouts, to prevent attackers from stealing credentials
by observing login attempts.

This graphical password system offers several advantages over conventional

authentication methods. It enhances security by increasing the complexity of attacks, as
graphical inputs have significantly larger password spaces than text-based passwords.
Additionally, it improves usability since images are easier to remember than complex
alphanumeric strings. The system can be deployed on web platforms with support for
HTML5, JavaScript, and backend frameworks like Node.js or Django, ensuring cross-
platform compatibility. By integrating this method with multi-factor authentication
(MFA), the system can further enhance security, making it a robust solution for
protecting sensitive online accounts.

3.2.2 ADVANTAGES OF PROPOSED SYSTEM:

The proposed web-based graphical password authentication system offers enhanced
security compared to traditional text-based passwords. Graphical passwords leverage the
6
human brain's superior ability to recognize and recall images, making them less
susceptible to brute force and dictionary attacks. Unlike alphanumeric passwords, which
can be easily guessed or cracked, graphical passwords introduce an additional layer of
complexity, reducing the risk of unauthorized access. Furthermore, this system can
implement dynamic password variations, such as click-based or pattern-based
authentication, further strengthening security against phishing and keylogging attacks.

Another advantage of this system is improved user experience and memorability.

Traditional text-based passwords often require complex combinations of letters,
numbers, and symbols, making them difficult to remember and leading users to write
them down or reuse weak passwords. A graphical password system, however, provides a
more intuitive and user-friendly authentication process by utilizing images, patterns, or
gestures that are easier for users to recall. This reduces the cognitive load on users,
minimizing frustration while maintaining strong security measures. As a result, users are
more likely to adopt and adhere to secure authentication practices without compromising
convenience.

Lastly, the system offers versatility and adaptability across different platforms and
devices. It can be integrated with touchscreens, mobile devices, and web applications,
providing a seamless authentication experience across multiple environments. This
adaptability makes it an ideal solution for modern applications where users interact with
various devices. Additionally, the system can incorporate multi-factor authentication
(MFA) by combining graphical passwords with biometric verification or one-time
codes, further enhancing security. With its strong security foundation and user-friendly
design, the proposed graphical password authentication system presents a robust
alternative to traditional authentication methods in web-based applications.

7
3.3.1 FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase and business proposal is put
forth with a very general plan for the project and some cost estimates. During system
analysis the feasibility study of the proposed system is to be carried out. This is to
ensure that the proposed system is not a burden to the company. For feasibility analysis,
some understanding of the major requirements for the system is essential.

Three key considerations involved in the feasibility analysis are,

 ECONOMICAL FEASIBILITY
 TECHNICAL FEASIBILITY
 SOCIAL FEASIBILITY

3.3.1.1 ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will have
on the organization. The amount of fund that the company can pour into the research and
development of the system is limited. The expenditures must be justified. Thus the
developed system as well within the budget and this was achieved because most of the
technologies used are freely available. Only the customized products had to be
purchased.

3.3.1.2 TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that is, the
technical requirements of the system. Any system developed must not have a high
demand on the available technical resources. This will lead to high demands on the
available technical resources. This will lead to high demands being placed on the client.
The developed system must have a modest requirement, as only minimal or null changes
are required for implementing this system.

3.3.1.3 SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the user.
This includes the process of training the user to use the system efficiently. The user must
not feel threatened by the system, instead must accept it as a necessity. The level of
acceptance by the users solely depends on the methods that are employed to educate the
user about the system and to make him familiar with it. His level of confidence must be
8
raised so that he is also able to make some constructive criticism, which is welcomed, as
he is the final user of the system.

3.4 SYSTEM REQUIREMENTS SPECIFICATION:

3.4.1 HARDWARE REQUIREMENTS:

 Processor : Intel i5
 RAM : 4 GB(min)
 Hard Disk : 100 GB
 Input Devices : Standard Keyboard and mouse
3.4.2 SOFTWARE REQUIREMENTS:
 Operating system : Windows 10.
 Coding Language : Python
 Database : MySQL

3.4.3 Functional Requirements:

Modules in the Project:
1. User
2. Admin
3. Data Processing
User:
In the web-based graphical password authentication system, users are central to both
its functionality and evaluation. They create graphical passwords by selecting images,
clicking points, or performing gestures, choosing memorable yet secure elements to
define their credentials. During authentication, users accurately recall and reproduce
these passwords, leveraging visual memory for secure and user-friendly access. By
navigating the intuitive web-based interface across devices, they ensure seamless
interaction without specialized hardware. Users also participate in system testing,
providing critical feedback on usability and memorability that validates the system’s
effectiveness and drives refinements. Through real-world adoption in secure
applications, users demonstrate the system’s practicality, directly influencing its success
in mitigating threats like phishing and brute-force attacks while maintaining
accessibility.

Admin:

9
 In the web-based graphical password authentication system, the admin plays a critical
role in ensuring security, functionality, and usability. They manage the image database,
configure system parameters like click-point tolerances, and implement encryption (e.g.,
AES-256) and secure protocols (e.g., HTTPS with TLS 1.3). The admin oversees user
registration, account recovery, and access control, while monitoring for threats like
brute-force attacks. They maintain the web platform, perform software updates, and
ensure compatibility across devices. Additionally, the admin supports users through
tutorials and feedback integration, monitors performance, and conducts security
evaluations, aligning with the system’s goals of enhanced security and accessibility..

Data Preprocessing:
The web-based graphical password authentication system processes data by capturing
user inputs—image selections, click points, or gestures—via a JavaScript-driven
interface. During registration, inputs are normalized (e.g., scaling coordinates), validated
for strength, and hashed (e.g., bcrypt) or encrypted (e.g., AES-256) before storage in a
database like MySQL. Authentication involves real-time input capture, normalization,
and comparison against stored credentials using algorithms like Euclidean distance for
click points or Dynamic Time Warping for gestures, with HTTPS ensuring secure
transmission. Images are compressed and cached for efficiency, while session tokens
(e.g., JWT) secure access. User testing data is anonymized and analyzed for metrics like
success rates, balancing security, usability, and scalability..

3.4.4 Non-Functional requirements:

Performance:
The system’s performance depends on image processing and user interaction speed.
Simple graphical passwords likely require low computational overhead, enabling fast
authentication, assuming efficient image rendering and minimal database lookup times.
No specific performance metrics are provided.
Modifiability:
The system’s simplicity suggests a modular design (e.g., image selection, user input
handling), making it relatively easy to modify features like adding new image sets or
altering authentication rules. However, the abstract doesn’t detail the architecture, so
scalability of modifications is unclear.

10
Portability:
The abstract doesn’t specify platforms, but a graphical system could be portable
across devices with displays (e.g., PCs, smartphones). Portability may be constrained by
dependencies on specific graphical libraries or input methods, which aren’t mentioned.
Reliability:
Reliability hinges on accurate image recognition and user input validation. A simple
system likely has fewer points of failure, but the abstract doesn’t address error handling
or fault tolerance, such as misclicks or system crashes.
Usability:
The system is designed to be user-friendly, leveraging human memory for pictures
over text, which enhances recall and ease of use. The abstract implies intuitive operation
(e.g., selecting images), but doesn’t discuss accessibility or learning curve for diverse
users.

11
 4.SYSTEM DESIGN

4.1 System Architecture Diagram

4.1.1System Architecture

4.2 MODULES IN THE PROJECT:

 User
 Admin
 Data Preprocessing

MODULES DESCRIPTION:

User:
In the web-based graphical password authentication system, users are central to both its
functionality and evaluation. They create graphical passwords by selecting images,
clicking points, or performing gestures, choosing memorable yet secure elements to
define their credentials. During authentication, users accurately recall and reproduce
these passwords, leveraging visual memory for secure and user-friendly access. By
navigating the intuitive web-based interface across devices, they ensure seamless
interaction without specialized hardware. Users also participate in system testing,

12
providing critical feedback on usability and memorability that validates the system’s
effectiveness and drives refinements. Through real-world adoption in secure
applications, users demonstrate the system’s practicality, directly influencing its success
in mitigating threats like phishing and brute-force attacks while maintaining
accessibility.

Admin:
In the web-based graphical password authentication system, the admin plays a critical
role in ensuring security, functionality, and usability. They manage the image database,
configure system parameters like click-point tolerances, and implement encryption (e.g.,
AES-256) and secure protocols (e.g., HTTPS with TLS 1.3). The admin oversees user
registration, account recovery, and access control, while monitoring for threats like
brute-force attacks. They maintain the web platform, perform software updates, and
ensure compatibility across devices. Additionally, the admin supports users through
tutorials and feedback integration, monitors performance, and conducts security
evaluations, aligning with the system’s goals of enhanced security and accessibility..

Data Preprocessing:
The web-based graphical password authentication system processes data by capturing
user inputs—image selections, click points, or gestures—via a JavaScript-driven
interface. During registration, inputs are normalized (e.g., scaling coordinates), validated
for strength, and hashed (e.g., bcrypt) or encrypted (e.g., AES-256) before storage in a
database like MySQL. Authentication involves real-time input capture, normalization,
and comparison against stored credentials using algorithms like Euclidean distance for
click points or Dynamic Time Warping for gestures, with HTTPS ensuring secure
transmission. Images are compressed and cached for efficiency, while session tokens
(e.g., JWT) secure access. User testing data is anonymized and analyzed for metrics like
success rates, balancing security, usability, and scalability..

13
4.3 UML DIAGRAMS

4.2.1 Use Case Diagram

A use case diagram in the Unified Modeling Language (UML) is a type of

behavioral diagram defined by and created from a Use-case analysis. Its purpose is to
present a graphical overview of the functionality provided by a system in terms of
actors, their goals (represented as use cases), and any dependencies between those use
cases. The main purpose of a use case diagram is to show what system functions are
performed for which actor. Roles of the actors in the system can be depicted.

login
login

reset password
USER
view registered user details
ADMIN

logout

logout

4.2.1.1 Use Case Diagram

14
4.2.2 Class Diagram
In software engineering, a class diagram in the Unified Modeling Language (UML)
is a type of static structure diagram that describes the structure of a system by
showing the system's classes, their attributes, operations (or methods), and the
relationships among the classes. It explains which class contains information.

user
admin username
password
username
contact no
password
email
address
login()
view registered user details()
login()
logout()
reset password()
logout()

4.2.2.1 Class Diagram

15
4.2.3 Sequence Diagram
A sequence diagram in Unified Modeling Language (UML) is a kind of
interaction diagram that shows how processes operate with one another and in
what order. It is a construct of a Message Sequence Chart. Sequence diagrams
are sometimes called event diagrams, event scenarios, and timing diagrams.

Admin User Database

login

view registered user details

logout

login

reset password

logout

4.2.3.1 Sequence Diagram

16
4.2.4 Collaborative Diagram:
A collaboration diagram groups together the interactions between different objects.
The interactions are listed as numbered interactions that help to trace the sequence of
the interactions. The collaboration diagram helps to identify all the possible int

1: login
2: view registered user details
3: logout
Admin User

4: login
5: reset password
6: logout

Databas
e

4.2.4.1 Collaboration diagram

17
4.2.5 Flowchart Diagram

4.2.5.1 Flow Chart

18
4.4 INPUT AND OUTPUT DESIGN

Input Design
At this stage choice has to be made about the input media. To conclude
about the input media consideration has to be given to;
 Type of input
 Flexibility of format
 Speed
 Accuracy
 Verification methods
 Rejection rates
 Ease of correction
 Storage and handling requirements
 Security
 Easy to use
 Portability
Keeping in view the above description of the input types and input media, it can be said
that most of the inputs are of the form of internal and interactive. As
Input data is to be the directly keyed in by the user, the keyboard can be considered to be
the most suitable input device.

Output Design
In general are:
 External Outputs whose destination is outside the organization.
 Internal Outputs whose destination is with in organization and they are the
User’s main interface with the computer. Outputs from computer systems are
required primarily to communicate the results of processing to users. They are
also used to provide a permanent copy of the results for later consultation. The
various types of outputs
 Operational outputs whose use is purely with in the computer department.
Interface outputs, which involve the user in communicating directly

19
 5. SYSTEM IMPLEMENTATION
5.1 Front End Tool:

HTML, CSS, and JavaScript are the foundational technologies for creating websites and
web applications. HTML (HyperText Markup Language) structures the content on the
web—defining elements like headings, paragraphs, images, and links. CSS (Cascading
Style Sheets) controls the presentation, allowing developers to style elements with
colors, fonts, layouts, and animations to enhance visual appeal. JavaScript adds
interactivity and dynamic behavior, enabling features like form validation, content
updates without reloading, and complex animations. Together, they form the core trio
that powers everything from simple webpages to complex, interactive web apps.

5.2 Back End tools:

Python is a high-level, versatile programming language known for its simplicity,

readability, and wide range of applications. Its clean syntax makes it beginner-friendly,
while its powerful libraries and frameworks make it a favorite among professionals.
Python is used in various domains such as web development, data science, machine
learning, automation, and scripting. With libraries like NumPy, Pandas, TensorFlow,
and Flask, Python allows developers to build anything from small automation scripts to
complex AI models and web applications. Its strong community support and cross-
platform nature make it one of the most popular and in-demand programming languages
today.

SOURCE CODE:
Admin view

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--
Design by TEMPLATED
http://templated.co
Released for free under the Creative Commons Attribution License

Name : Swarming
Description: A two-column, fixed-width design with dark color scheme.
Version : 1.0
Released : 20131201

-->
<html xmlns="http://www.w3.org/1999/xhtml">
20
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Graphical Password Suffleling</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="http://fonts.googleapis.com/css?
family=Source+Sans+Pro:200,300,400,600,700,900" rel="stylesheet" />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />
<link href="fonts.css" rel="stylesheet" type="text/css" media="all" />

<!--[if IE 6]><link href="default_ie6.css" rel="stylesheet" type="text/css" /><![endif]-->

</head>
<body>
<div id="logo">
<h1><a href="#" class="icon icon-group"><span>Graphical Password
Suffleling</span></a></h1>
</div>
<div id="header">
<div id="menu" class="container">
<ul>
<li><a href="index.html" accesskey="1" title="">Homepage</a></li>
<li><a href="login.jsp" accesskey="1" title="">Login</a></li>
<li><a href="register.jsp" accesskey="2" title="">Register</a></li>
<li class="current_page_item"><a href="Admin.jsp" accesskey="2"
title="">Admin</a></li>
</ul>
</div>
</div>
<div id="page-wrapper">
<div id="page" class="container">
<div id="content">
<div class="title">
<h2>Welcome ADMIN login HERE</h2>

<form action="AdminAction.jsp" method="post">

<table align="center" style="margin-top:50px;">
<tr><th>UserName</th><td><input type="text" name="uname"
required=""></input></td></tr>
<tr><th>Password</th><td><input type="password" name="pwd"
required=""></input></td></tr>
<tr><th></th><td><input type="submit" value="Login"></input>
<input type="reset" value="Reset"></input></td></tr>

</table>
</form>
</div>
</div>
<div id="sidebar"><a href="#" class="image image-full"><img
src="images/9976.png" alt="" /></a></div>

</div>
</div>
21
<div id="featured-wrapper">
<div id="featured" class="container">

</div>
</div>
</body>
</html>

User Home Page

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--
Design by TEMPLATED
http://templated.co
Released for free under the Creative Commons Attribution License

Name : Swarming
Description: A two-column, fixed-width design with dark color scheme.
Version : 1.0
Released : 20131201

-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Graphical Password Suffleling</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="http://fonts.googleapis.com/css?
family=Source+Sans+Pro:200,300,400,600,700,900" rel="stylesheet" />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />
<link href="fonts.css" rel="stylesheet" type="text/css" media="all" />

<!--[if IE 6]><link href="default_ie6.css" rel="stylesheet" type="text/css" /><![endif]-->

</head>
<body>
<div id="logo">
<h1><a href="#" class="icon icon-group"><span>Graphical Password
Suffleling</span></a></h1>
</div>
<div id="header">
<div id="menu" class="container">
<ul>
<li class="current_page_item"><a href="UHomePage.jsp" accesskey="1"
title="">Homepage</a></li>
<li><a href="ViewProfile.jsp" accesskey="1" title="">View Profile</a></li>
<li><a href="AddFounds.jsp" accesskey="1" title="">Add
Founds</a></li>
<li><a href="TransferFound.jsp" accesskey="1" title="">Transfer
Founds</a></li>

22
 <li><a href="ViewFounds.jsp" accesskey="1" title="">View
Founds</a></li>
<li><a href="login.jsp" accesskey="2" title="">Logout</a></li>

</ul>
</div>
</div>
<div id="page-wrapper">
<div id="page" class="container">
<div id="content">
<div class="title">
<%String uname=(String)session.getAttribute("uname");
String id=(String)session.getAttribute("id");%>
<h2>Welcome <%=uname%></h2>

</div>
</div>
<div id="sidebar"><a href="#" class="image image-full"><img
src="images/9976.png" alt="" /></a></div>

</div>
</div>
<div id="featured-wrapper">
<div id="featured" class="container">

</div>
</div>
</body>
</html>

6.SCREENS & REPORTS

23
HOME PAGE:

6.1 Home page Screen.

24
USER REGESTRATION SCREEN:

6.2 User Registration Screen.

25
ADMIN LOGIN PAGE:

6.3 Admin Login page Screen.

26
USER LOGIN PAGE:

6.4 User Login page Screen.

27
USER HOME PAGE:

6.5 User Home page Report.

28
ADMIN DASHBOARD PAGE:

6.6 Admin Dashboard Page Report.

29
ADD FUNDS PAGE:

6.7 Add Funds Page Report.

30
FUNDS TRANSFER PAGE

6.8 Funds Transfer Page Screen.

31
VIEW FUND DETAILS PAGE:

6.9 View Fund Details Page Report.

32
USER VIEW PROFILE PAGE:

6.10 User View Profile Page Report.

7.SYSTEM TESTING

33
 The purpose of testing is to discover errors. Testing is the process of trying to
discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, sub assemblies, assemblies and/or a finished
product It is the process of exercising software with the intent of ensuring that the
Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific
testing requirement.

TYPES OF TESTS
Unit testing
Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program inputs produce valid outputs.
All decision branches and internal code flow should be validated. It is the testing of
individual software units of the application .it is done after the completion of an
individual unit before integration. This is a structural testing, that relies on knowledge of
its construction and is invasive. Unit tests perform basic tests at component level and
test a specific business process, application, and/or system configuration. Unit tests
ensure that each unique path of a business process performs accurately to the
documented specifications and contains clearly defined inputs and expected results.
Integration testing
Integration tests are designed to test integrated software components to
determine if they actually run as one program. Testing is event driven and is more
concerned with the basic outcome of screens or fields. Integration tests demonstrate that
although the components were individually satisfaction, as shown by successfully unit
testing, the combination of components is correct and consistent. Integration testing is
specifically aimed at exposing the problems that arise from the combination of
components.
Functional test
Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, system
documentation, and user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
34
 Systems/Procedures : interfacing systems or procedures must be invoked.
Organization and preparation of functional tests is focused on requirements, key
functions, or special test cases. In addition, systematic coverage pertaining to identify
Business process flows; data fields, predefined processes, and successive processes must
be considered for testing. Before functional testing is complete, additional tests are
identified and the effective value of current tests is determined.
System Test
System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
example of system testing is the configuration oriented system integration test. System
testing is based on process descriptions and flows, emphasizing pre-driven process links
and integration points.
White Box Testing
White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least its
purpose. It is purpose. It is used to test areas that cannot be reached from a black box
level.
Black Box Testing
Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most
other kinds of tests, must be written from a definitive source document, such as
specification or requirements document, such as specification or requirements
document. It is a testing in which the software under test is treated, as a black box .you
cannot “see” into it. The test provides inputs and responds to outputs without
considering how the software works.
Unit Testing
Unit testing is usually conducted as part of a combined code and unit test phase
of the software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.
Test strategy and approach
Field testing will be performed manually and functional tests will be written in detail.
Test objectives
 All field entries must work properly.
 Pages must be activated from the identified link.
 The entry screen, messages and responses must not be delayed.

35
Features to be tested
 Verify that the entries are of the correct format
 No duplicate entries should be allowed
 All links should take the user to the correct page.
Integration Testing
Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by
interface defects.
The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the
company level – interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional
requirements.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

36
8.CONCLUSION AND FUTURE WORK
37
8.1 CONCLUSION:
The Web-Based Graphical Password Authentication System offers a secure and user-
friendly alternative to traditional text-based passwords. By leveraging images or patterns
instead of alphanumeric characters, it enhances security against common attacks such as
brute force and dictionary attacks. Additionally, graphical passwords improve
memorability, reducing the likelihood of users forgetting their credentials while
maintaining a high level of security.
Despite its advantages, the system faces challenges such as susceptibility to shoulder
surfing and the need for optimized image selection to prevent predictability.
Implementing additional security measures, such as dynamic image grids, multi-factor
authentication, or randomized image sequences, can further enhance protection. User
experience should also be considered, ensuring that the authentication process remains
intuitive and efficient across various devices and platforms.
In conclusion, a Web-Based Graphical Password Authentication System provides an
innovative approach to secure authentication, balancing security and usability. Future
improvements can focus on refining security mechanisms, integrating AI-driven
anomaly detection, and expanding adaptability for real-world applications. With
continuous development, this authentication method has the potential to replace or
complement traditional password systems, contributing to a safer digital environment.

8.2 FUTURE WORK:

As graphical password authentication systems gain popularity, future research can
focus on enhancing security and usability. One potential area for improvement is
resistance to shoulder surfing and brute-force attacks. Implementing dynamic challenge-
response mechanisms, such as randomized image grids or gesture-based interactions,
can make it harder for attackers to replicate authentication patterns. Additionally,
integrating artificial intelligence (AI) for anomaly detection can help identify suspicious
login attempts and provide an extra layer of security.

Another promising direction is the development of multi-factor authentication (MFA)

models that combine graphical passwords with biometrics or traditional text-based
passwords. By incorporating fingerprint recognition, facial authentication, or behavioral

biometrics, a web-based graphical password system can significantly improve security

without compromising user experience. Furthermore, research into adaptive

38
authentication—where security levels adjust based on user behavior and risk assessment
—can provide personalized security measures based on login patterns and device usage.
Lastly, future work can explore the scalability and cross-platform compatibility of
graphical password authentication. As web applications become more complex, ensuring
seamless authentication across different devices, browsers, and screen resolutions is
essential. Cloud-based implementations and blockchain-backed authentication methods
can enhance data integrity and prevent unauthorized access. Additionally, usability
studies focusing on accessibility for individuals with disabilities will help ensure that
graphical password systems are inclusive and practical for all users.

9.BIBILIOGRAPHY

9.1 Books

39
1. The Unified Modeling Language User Guide
Written by UML's creators—Grady Booch, James Rumbaugh, and Ivar Jacobson
2. Object-Oriented Software Engineering Using UML, Patterns, and Java
By Bernd Bruegge and Allen Dutoit.
3. Think Python, 2nd Edition
web site references:
 Instinctools
 OpenXcell
 Appello Software
 Saigon
 Taglogy
9.2 References
1. Blonder, G. (1996). Graphical passwords. Lucent Technologies, Inc.
Blonder introduced one of the earliest concepts of graphical passwords, where users
select predefined regions on an image as their password. This model laid the foundation
for modern graphical password authentication systems, emphasizing the role of images
in security.
2. Wiedenbeck, S., Waters, J., Sobrado, L., & Birget, J.-C. (2005). Design and
evaluation of a shoulder-surfing resistant graphical password scheme. In
Proceedings of the Working Conference on Advanced Visual Interfaces (AVI), pp.
177-184.
This paper discusses the security vulnerabilities of graphical passwords and introduces a
method to resist shoulder-surfing attacks. The study evaluates the usability and security
trade-offs in graphical password authentication.
3. Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., & Rubin, A. D. (1999). The
design and analysis of graphical passwords. In Proceedings of the 8th USENIX
Security Symposium, pp. 1-14.
The authors present various graphical password schemes, such as click-based and draw-
based authentication systems. Their research includes security analysis and the
advantages of graphical passwords over traditional alphanumeric passwords.
4. Dhamija, R., & Perrig, A. (2000). Déjà Vu: A user study using images for
authentication. In Proceedings of the 9th USENIX Security Symposium, pp. 45-58.
The "Déjà Vu" system focuses on authentication using recognition-based image
selection. The study evaluates its security and usability compared to traditional
password-based authentication.

40
5. Thorpe, J., & van Oorschot, P. C. (2004). Graphical dictionaries and the
memorable space of graphical passwords. In Proceedings of the 13th USENIX
Security Symposium.
This research highlights how graphical passwords are prone to dictionary attacks. The
authors propose methods to increase security while maintaining memorability in user-
selected passwords.
6. Zhao, H., & Li, X. (2007). S3PAS: A Scalable Shoulder-Surfing Resistant
Textual-Graphical Password Authentication Scheme. In Proceedings of the 21st
International Conference on Advanced Information Networking and Applications
(AINA), pp. 467-472.
S3PAS is a hybrid approach combining textual and graphical elements to prevent
shoulder-surfing attacks. The study explores the system’s effectiveness against common
security threats.
7. Biddle, R., Chiasson, S., & van Oorschot, P. C. (2012). Graphical passwords:
Learning from the first twelve years. ACM Computing Surveys, 44(4), 1-41.
This comprehensive survey reviews different graphical password techniques, their
security challenges, and user acceptance over twelve years of research and development.
8. Chiasson, S., Stobert, E., Forget, A., Biddle, R., & van Oorschot, P. C. (2012).
Persuasive cued click-points: Design, implementation, and evaluation of a
knowledge-based authentication mechanism. IEEE Transactions on Dependable
and Secure Computing, 9(2), 222-235.
The authors propose the Persuasive Cued Click-Points (PCCP) technique, which
improves the security of click-based graphical passwords by guiding users toward more
secure choices.
9. Khot, R. A., & Kumaraguru, P. (2013). Shoulder-surfing resistant text-based
authentication schemes. In Proceedings of the 5th ACM Workshop on Security and
Privacy in Smartphones and Mobile Devices (SPSM), pp. 57-68.
10. Kumar, M., Garfinkel, T., Boneh, D., & Winograd, T. (2007). Reducing
shoulder-surfing by using gaze-based password entry. In Proceedings of the 3rd
Symposium on Usable Privacy and Security (SOUPS), pp. 13-19.
The research introduces an innovative gaze-based graphical password system that
utilizes eye-tracking technology to improve security against shoulder-surfing attacks.
These references provide a strong foundation for understanding the development,
security, usability, and future advancements in web-based graphical password
authentication systems. Would you like help in formatting them in a specific citation
style (APA, IEEE, etc.)?

41