PRESENTED BY

Asim Kumar
Pathak
CS-47/09
Introduction
Overview of the Authentication Methods
Text Password and drawbacks.
Graphical Passwords.
The survey
 Recall Based Techniques
 Recognition Based Techniques
Discussion
 Advantages
 disadvantages
Conclusion
 What is PASSWORD

The term PASSWORD commonly refers to a secret used for

authentication. Passwords are the most commonly used method for
identifying users in computer and communication systems.

 PASSWORDS are used for:

 Logging into accounts.

 Retrieving emails.
 Accessing applications.
 Networks.
 Websites
 Databases
 workstations
 Token based authentication
 Key cards, bank cards, smart card, …

 Biometric based authentication

 Fingerprints, iris scan, facial recognition, …

 Knowledge based authentication

 Text-based passwords, picture-based passwords, …
 Most widely used authentication techniques
Text Password
Text password is a secret word or string of characters that is
used for user authentication to prove his identity and gain access
to resources.

Drawback
 Difficulty of remembering passwords.
easy to remember -> easy to guess


 hard to guess -> hard to remember

 Vulnerable to attacks like Dictionary attack, Brute

force
attack .
Many solutions have been proposed. Graphical
passwordis one of the solutions.
 Graphical passwords were originally described by BLONDER
in 1996.

 A graphical password is an authentication system that

works by having the user select from images, in a specific
order, presented in a graphical user interface (GUI).

 For this reason, the graphical-password approach is

sometimes called graphical user authentication (GUA).
Use of graphical password:

 Web log-in application.

 ATM machine.

 Mobile device.
 Recall Based Techniques
A user is asked to reproduce something that he created or
selected earlier during the registration stage

 Recognition Based Techniques

A user is presented with a set of images and the user passes the
authentication by recognizing and identifying the images he
selected during the registration stage
 Draw-A-Secret (DAS) Scheme
 User draws a simple picture on a 2D grid, the coordinates of the
grids occupied by the picture are stored in the order of drawing.

 Redrawing has to touch

the same grids in the
same sequence in
authentication.
 Signature scheme
Here authentication is conducted by having the user drawing
their signature using a mouse.
 Pass Point Scheme
User click on any place on an image to create a password. A
tolerance around each chosen pixel is calculated. In order to be
authenticated, user must click within the tolerances in the
correct sequence.
 Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later
in authentication.
 Passface scheme:
In this technique human faces are used as password.
 Sobrado and Birget Scheme
System display a number of pass-objects (pre-selected by user)
among many other objects, user click inside the convex hull
bounded by pass-objects.
 Advantages of Graphical password

 Graphical password schemes provide a way of making more

human-friendly passwords .

 Here the security of the system is very high.

 Dictionary attacks and brute force search are infeasible.

 Disadvantages of Graphical password

 Password registration and log-in process take too long.

 Require much more storage space than text based passwords.

 Shoulder Surfing .

- As the name implies, shoulder surfing is watching over people's

shoulders as they process information.

- Because of their graphic nature, nearly all graphical password schemes

are quite vulnerable to shoulder surfing.
 Graphical passwords are an alternative to textual alphanumeric
password.

It satisfies both conflicting requirements i.e. it is easy to

remember & it is hard to guess.

By the solution of the shoulder surfing problem, it becomes more

secure & easier password scheme.

Not yet widely used, current graphical password techniques are

still immature.
THANK
YOU…