
SASURIE COLLEGE OF ENGINEERING

VIJAYAMANGALAM
TIRUPUR

NEW TRENDS IN IT
(GRAPHICAL PASSWORD)

Prepared By,
J.A.RANJITHA(III-BE-CSE)
E-Mail:beranjithacse@gmail.com

V.SATHYAPRIYA(III-BE-CSE)
E-Mail:sathyapriya2311@gmail.com

Abstract

As the globe is growing so fast, it is necessary that we be secure. The modern world is highly computerized and henceforth we have to move on with it. In order to increase security, the password technique is usually used. The commonly used password is of the type text. Still, there are many disadvantages in it. Here we present to you a new password technique of the type Graphical, which deals with authentication through image. The graphical data represents billions of bytes of information and thus provides a lot of password space. Thus the graphical password provides a way of making more human-friendly passwords while increasing the level of security.

Introduction

Passwords are the most commonly used method for identifying users in computer and communication systems. Typically, passwords are strings of letters and digits, i.e., they are alpha-numeric. Such passwords have the disadvantage of being hard to remember. The passwords are expected to comply with two conflicting requirements:

- Passwords should be easy to remember, and the user authentication protocol should be executable quickly and easily by humans.
- Passwords should be secure, i.e., they should look random and should be hard to guess; they should be changed frequently, and should be different on different accounts of the same user. They should not be written down or stored in plain text.
Here we discuss graphical passwords, which consist of some actions that the user performs on an image. Such passwords are easier to remember, but are vulnerable to shoulder surfing. We present a few graphical password schemes that offer resistance to shoulder surfing.

Text Password

Alpha-numeric passwords were first introduced in the 1960s as a solution to security issues that became evident as the first multi-user operating systems were being developed. As the name indicates, an alpha-numeric password is simply a string of letters and digits. Although almost any string can serve as a password, these passwords only offer good security as long as they are complicated enough so that they cannot be deduced or guessed. Commonly used guidelines for alpha-numeric passwords are:

- The password should be at least 8 characters long.
- The password should not be easy to relate to the user (e.g., last name, birth date).
- The password should not be a word that can be found in a dictionary or public directory.
- Ideally, the user should combine upper and lower case letters and digits.

Since the best password would be a completely random one, people have devised ways to create pseudo-random passwords. One such method is to take a common word and perform certain actions on it. Using the word Creative as an example, users often create passwords such as

- CrEaTiVe (by alternating upper and lower case),
- eViTaErC (by reversing the string),
- aCEriTVe (by shuffling the string),
- 3a8tive (combining numbers and letters).

However, the better the password is, the harder it is to remember.

Graphical password

The idea of graphical passwords, first described by Greg Blonder [G. Blonder, Graphical Passwords, United States Patent (1996)], is to let the user click (with a mouse or a stylus) on a few chosen regions in an image that appears on the screen. Because human beings live and interact in an environment where the sense of sight is predominant for most activities, our brains are capable of processing and storing large amounts of graphical information with ease. While we may find it very hard to remember a string of fifty characters, we are able easily to remember faces of people, places we visited, and things we have seen. These graphical data represent millions of bytes of information and thus provide large password spaces.

A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI). For this reason, the graphical-password approach is sometimes called graphical user authentication (GUA).

Advantages of Graphical Password

A graphical password is easier than a text-based password for most people to remember. Suppose an 8-character password is necessary to gain entry into a particular computer network. Instead of w8KiJ72c, for example, a user might select images of the earth (from among a screen full of real and fictitious planets), the country of France (from a map of the world), the city of Nice (from a map of France), a white stucco house with arched doorways and red tiles on the roof, a green plastic cooler with a white lid, a package of Gouda cheese, a bottle of grape juice, and a pink paper cup with little green stars around its upper edge and three red bands around the middle.

Graphical passwords may offer better security than text-based passwords because many people, in an attempt to memorize text-based passwords, use plain words (rather than the recommended jumble of characters). A dictionary search can often hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selectable images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random. If there are 100 images on each of the 8 pages in an 8-image password, there are 100^8, or 10 quadrillion, possible combinations that could form the graphical password! If the system has a built-in delay of only 0.1 second following the selection of each image until the presentation of the next page, it would take millions of years to break into the system by hitting it with random image sequences.

Adapting challenge response to graphical passwords

The challenge response authentication that we just described is not intended to be used directly by humans to authenticate themselves to a system, because it requires many calculations to evaluate an alpha-numeric one-way function for some random value. However, we can use the human ability to process graphical information. The goal is to create a graphical one-way function that will prevent an adversary from obtaining the secret even if he or she has full view of the value of the graphic one-way function.

As the figure below illustrates, all the adversary would see is r and r. And although f is publicly available, the secret n is required to solve the next random challenge. However, unlike typical challenge response, the secret n is not alpha-numeric but rather a geometric pattern used to evaluate r. Similarly, r and r are graphical. The evaluation of f(n+r) is done without any computation and can be easily performed by a user in a reasonable amount of time. Instead of sending a random number for each challenge, we can obtain the same functionality by performing certain random operations on an image (e.g., rotation, changes in position, perspective and shading).

Triangle Scheme

The system randomly scatters a set of N objects on the screen. In practice, the number N could be a few hundred or a few thousand, and the objects should be different enough so that the user can distinguish them. In addition, there is a subset of K pass-objects previously chosen and memorized by the user. At login the system will randomly choose a placement of the N objects. However, the system first randomly chooses a patch that covers half the screen, and randomly places the K chosen objects in that patch. To log in, the user must find 3 of the pass-objects and click inside the invisible triangle created by those 3 objects. This is equivalent to saying that the user must click inside the convex hull of the pass-objects that are displayed. In addition, for each login this challenge is repeated a few times using a different display of some of the N objects. Therefore, the probability of randomly clicking in the correct region in each challenge is very low.

The number of possible passwords is the "binomial coefficient" (choose any K objects among N). When N = 1000 and K = 10, the number of possible passwords is hence approximately 2.6 * 10^23. This is a little more than the number of alpha-numeric passwords of length 15 (36^15 ≈ 2.2 * 10^23). Having N = 1000 objects is not unreasonable (compare with the "Where is Waldo" puzzles, where there are typically tens of thousands of little persons in a picture). Moreover, one can expect a user to choose the K objects fairly randomly; or, at least, an attacker cannot predict much about which K objects a user will choose. On the other hand, the large number of possible alpha-numeric passwords (36^15 ≈ 2.2 * 10^23) is an illusion: users do not choose alpha-numeric passwords randomly at all.

After an attacker sees one click on the screen from the user, the attacker learns that the K pass-objects are such that their convex hull contains the click point. This rules out all the K-tuples that do not have the click point in their convex hull. However, when N = 100 and K = 10, the set of ruled-out K-tuples is at least > 2 * 10^20, which is much too large to be remembered in any computer memory (compare e.g., with the Avogadro number NA ≈ 6 * 10^23 atom/mole). Hence the attacker can only remember a negligible amount of what he learns in each shoulder surfing observation. As a consequence, the attacker cannot accumulate knowledge of the user's password. This shows that an exhaustive-search attack is physically infeasible; moreover, when passwords are chosen truly randomly, exhaustive-search attacks are the only possible attacks.

An improved version of this system would display only objects (N / 2 N) among which are pass-objects (with 3 K). This simplifies the login of the user, while making attacks harder.

Movable frame scheme

Using the same ideas and assumptions as in the previous scheme, the user must now locate 3 out of K pass-objects. This time, however, only 3 pass-objects are displayed at any given time and only one of them is placed in a movable frame as depicted below. Which pass-object is displayed within the frame is completely arbitrary.

The task of the user is to move the frame (and the objects within it, like a tape) by dragging the mouse around the frame until the pass-object on the frame lines up with the other two pass-objects. As before, this procedure is repeated a few more times to minimize the likelihood of logging in by randomly moving the frame.

Other solutions

There are other types of passwords such as biometrics and eye password. An eye password requires your physical presence before the eye detector. Moreover, the cost of the eye detector is on the higher side. So practically it is not possible for all kinds of users to authenticate through eye passwords. But comparatively, graphical passwords are of no cost, which makes users feel more comfortable. Biometrics is also of a similar type, but instead of physical presence the physiological or behavioral characteristics of the person concerned are studied and authenticated. This requires lots of work to be done in order to process the activities of the person and confirm his authentication. So graphical passwords are easier to handle, as well as low in cost.

Conclusion

The past decade has seen a growing interest in using graphical passwords as an alternative to the traditional text-based passwords. In this paper, we have conducted a comprehensive survey of existing graphical password techniques. Although the main argument for graphical passwords is that people are better at memorizing graphical passwords than text-based passwords, the existing user studies are very limited and there is not yet convincing evidence to support this argument. Our preliminary analysis suggests that it is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack, or spyware. However, since there is not yet wide deployment of graphical password systems, the vulnerabilities of graphical passwords are still not fully understood.

Overall, the current graphical password techniques are still immature. Much more research and user studies are needed for graphical password techniques to achieve higher levels of maturity and usefulness.
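
An added example, not part of the original paper: a Python sketch of the server-side check for the Triangle Scheme (a click is accepted only if it falls inside the convex hull of the displayed pass-objects), with a Monte Carlo estimate of how often a blind random click passes repeated challenges and the binomial password-space count. The function names and the model of the half-screen patch as a vertical strip on a unit-square screen are assumptions made for illustration.

```python
import math
import random

def convex_hull(points):
    """Andrew's monotone chain; returns hull vertices in counter-clockwise order."""
    pts = sorted(set(points))
    if len(pts) < 3:
        return pts
    def cross(o, a, b):
        return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])
    def chain(seq):
        out = []
        for p in seq:
            while len(out) >= 2 and cross(out[-2], out[-1], p) <= 0:
                out.pop()
            out.append(p)
        return out[:-1]
    return chain(pts) + chain(reversed(pts))

def click_accepted(pass_positions, click):
    """True if the click lies inside (or on the edge of) the pass-objects' hull."""
    hull = convex_hull(pass_positions)
    return len(hull) >= 3 and all(
        (b[0] - a[0]) * (click[1] - a[1]) - (b[1] - a[1]) * (click[0] - a[0]) >= 0
        for a, b in zip(hull, hull[1:] + hull[:1]))

def new_challenge(rng, k=10):
    """Place K pass-objects in a random patch covering half of a unit screen.
    Assumption: the patch is a vertical strip of width 0.5. The N-K decoy
    objects are omitted because they play no part in verification."""
    x0 = rng.uniform(0.0, 0.5)
    return [(x0 + rng.uniform(0.0, 0.5), rng.random()) for _ in range(k)]

def blind_click_rate(rounds, trials=2000, seed=1):
    """Monte Carlo estimate: fraction of logins in which uniformly random
    clicks pass `rounds` consecutive, independently drawn challenges."""
    rng = random.Random(seed)
    wins = sum(
        all(click_accepted(new_challenge(rng), (rng.random(), rng.random()))
            for _ in range(rounds))
        for _ in range(trials))
    return wins / trials

def password_space(n, k):
    """Number of ways to choose K pass-objects among N (binomial coefficient)."""
    return math.comb(n, k)
```

With K = 10 the hull covers well under half the screen, so the per-round pass rate stays far below 0.5 and falls geometrically as challenges are repeated.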
