This document summarizes a thesis on graphical passwords as an alternative to text-based passwords. Graphical passwords use images instead of text and are easier for users to remember. They provide stronger security than text passwords since they are harder to guess via brute force or dictionary attacks. However, graphical passwords are vulnerable to "shoulder surfing" attacks where an observer watches the user enter their password. The document discusses recognition-based and recall-based graphical password techniques and proposes solutions like movable frames to mitigate shoulder surfing risks. It concludes that graphical passwords satisfy the conflicting needs of ease of use and security, but have not been widely adopted and current methods could still be improved.
3. Introduction:
Most common computer authentication method (Text-Based
Passwords).
• Difficulty of remembering passwords.
Easy to remember => Easy to guess
Hard to guess => Hard to remember
Users tend to write passwords down or use the same passwords for
different accounts.
An alternative: Graphical Passwords.
• Psychological studies: Human can remember pictures better than text.
4. Graphical Password:
• An authentication system that works by having the user select
from images, in a specific order, presented in a graphical user
interface (GUI).
• The graphical-password approach is sometimes called graphical
user authentication (GUI).
5. Classification Techniques:
Recognition Based Techniques:
• A user is presented with a set of images and the user passes
the authentication by recognizing and identifying the images he
selected during the registration stage.
Recall Based Techniques:
• A user is asked to reproduce something that he created or
selected earlier during the registration stage.
6. Classification Techniques:
Recognition Based Techniques:
• A user is presented with a set of images and the user passes
the authentication by recognizing and identifying the images he
selected during the registration stage.
Recall Based Techniques:
• A user is asked to reproduce something that he created or
selected earlier during the registration stage.
7. Recognition Based Techniques:
Dhamija & Perring Scheme:
• Pick several pictures out of many
choices, identify later in
authentication.
• Take longer to create graphical
passwords.
Sobrado & Birget Scheme:
• Systems display a number of
pass-objects (pre-selected by user)
among many other objects, user
click inside the convex hull ounded
by pass-objects.
9. Recall Based techniques:
Draw-A-Secret (DAS) Scheme:
• User draws a simple picture on 2D grid, the co ordinates
of the grids occupied by the picture are stored in the order
of drawing.
• Redrawing has to touch the
same grids in the same
sequences in authentication.
10. Advantages of Graphical Passwords:
Provide a way of making more human-friendly
passwords while increasing the level of security.
On average–millions of years to break into the system.
Dictionary attacks are infeasible.
11. Drawbacks:
The shoulder surfing problem:
As the name implies, shoulder is watching over people’s shoulders as
they process information.
Example includes observing the keyboard as a person types his or her
password, enters a PIN number, or views personal information.
Because of their graphic nature, nearly all graphical password
schemes are quite vulnerable to shoulder surfing. Most of the existing
schemes simple circumvent the problem by stating the graphical
passwords should only be used with handheld devices or workstation set
up in such a way that only one person can see the screen at the time of
login.
However, it is possible to create schemes to counter shoulder surfing
problem.
13. Usability:
Pictures are easier to remember than text strings.
Password registration and login process take too long.
Require much more storage space than text based passwords.
14. Conclusion:
Main argument for Graphical Password:
• Satisfies both conflicting requirements i.e. it is easy to remember & it is
hard to guess.
More difficult to break graphical passwords from traditional
attack methods:
• Brute Force Search
• Dictionary Attack
• Spyware
Not yet widely used, current graphical password techniques are
still immature.
By implementing other special geometric configurations like
triangle & movable frame, one can achieve more security.