PRESENTED BY

S.MANOGNA
V.ANKITHA
SPEC
 The most commonly used form of user authentication.
The weakest links of computer security systems.
Two conflicting requirements of alphanumeric passwords
(1) Easy to remember and
(2) Hard to guess.
Many people tend to ignore the second requirement which
lead to weak passwords. Many solutions have been proposed.
Graphical password is one of the solutions.
 is an authentication system that works by having the user select from
images, in a specific order, presented in a graphical user interface (GUI).
For this reason, the graphical-password approach is sometimes called
graphical user authentication (GUA).

It can be used in:

•web log-in application
•ATM machines
•mobile devices

GRAPHICAL PASSWORD
Recognition Based Techniques
•auser is presented with a set of images and the user passes the
authentication by recognizing and identifying the images he selected
during the registration stage

Recall Based Techniques

•A user is asked to reproduce something that he created or selected
earlier during the registration stage
 Sobrado and Birget Scheme
System display a number of pass-objects
(pre-selected by user) among many other
objects, user click inside the convex hull
bounded by pass-objects.
• authors suggested using 1000 objects,
which makes the display very crowed and
the objects almost indistinguishable.
• “PassPoint” Scheme
User click on any place on an image to
create a password. A tolerance around each
chosen pixel is calculated. In order to be
authenticated, user must click within the
tolerances in correct sequence.
The user chose these regions when
he or she created the password. The
choice for the four regions is
arbitrary, but the user will pick
places that he or she finds easy to
remember. The user can introduce
his/her own pictures for creating
graphical passwords. Also, for
stronger security, more than four
click points could be chosen.
Graphical password schemes provide a way of making more human-
friendly passwords .

Here the security of the system is very high.

Here we use a series of selectable images on successive screen pages.

Dictionary attacks are infeasible.

•Password registration and log-in process take too long.
•Require much more storage space than text based passwords.
•Shoulder Surfing

It means watching over people's shoulders as they process

information. Examples include observing the keyboard as a person types
his or her password, enters a PIN number, or views personal
information.

Because of their graphic nature, nearly all graphical password

schemes are quite vulnerable to shoulder surfing.
(1) TRIANGLE SCHEME

• In the Triangle Scheme, users need to first register

their graphical password by selecting a number of
pictures.
• During the authentication phase, he or she has to
form the pass-triangle by using three previously
registered pictures.
TRIANGLE SCHEME
• In this method the user must locate three out of K
objects which these three are user passwords.
2) MOVABLE FRAME SCHEME
(
•Graphical passwords are an alternative to textual alphanumeric
password.

•Itsatisfies both conflicting requirements i.e. it is easy to remember & it

is hard to guess.

•By the solution of the shoulder surfing problem, it becomes more

secure & easier password scheme.

•Byimplementing other special geometric configurations like triangle &

movable frame, one can achieve more security.