The document discusses passwords and graphical passwords. It defines a password as a secret word or string used to authenticate identity for access to resources. Graphical passwords use images rather than text, where the user selects images or click points within images to log in. The document outlines different types of graphical password schemes, including click-based schemes where the user clicks points on images in a specific order (like PassPoints), and recognition-based schemes where the user identifies previously selected images. It notes that while graphical passwords can provide more security, they also have disadvantages like taking more time and storage space compared to text passwords.
2. What is a password?
A password is a secret word or string of characters used for user authentication, to prove the user's identity and gain access to resources.
Uses of passwords:
Logging into accounts.
Retrieving emails.
Accessing applications.
Networks.
Websites.
3. Authentication is the process of confirming a person's identity.
Types:
Token based authentication: key cards, bank cards, smart cards, …
Biometric based authentication: fingerprints, iris scan, facial recognition, …
Knowledge based authentication: text-based passwords, picture-based passwords, …
4. A text password is a secret word or string of characters used for user authentication, to prove the user's identity and gain access to resources.
Difficulty of remembering passwords
easy to remember -> easy to guess
hard to guess -> hard to remember
5. A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI).
For this reason, the graphical-password approach is sometimes called graphical user authentication (GUA).
An example of a graphical password uses an image on the screen and lets the user choose a few click points; these click points are the "password", and the user has to click close to these points again in order to log in.
6. Recall Based Techniques
A user is asked to reproduce something that he created or selected earlier during the registration stage.
Recognition Based Techniques
A user is presented with a set of images, and the user passes the authentication by recognizing and identifying the images he selected during the registration stage.
Cued-recall Technique
7. Draw-A-Secret (DAS) Scheme
The user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.
During authentication, the redrawing has to touch the same grid cells in the same sequence.
User studies showed the
8. Signature scheme
Here authentication is conducted by having the user draw their signature using a mouse.
9. Pass Point Scheme
The user clicks on any place on an image to create a password.
A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
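The tolerance check described on this slide, as an added example that is not part of the original slides: it verifies an ordered click sequence while storing only a salted hash rather than the click coordinates. The slides do not say how the tolerance is computed; this sketch uses centered discretization as one known way to do it, and the 10-pixel tolerance, the function names and the sample click-points are assumptions.

```python
import hashlib, hmac, os

R = 10  # tolerance radius in pixels (assumed value, not from the slides)

def _discretize(v, r=R):
    """Centered discretization of one coordinate: (segment index, offset)."""
    return (v - r) // (2 * r), (v - r) % (2 * r)

def _digest(indices, salt):
    # Order-sensitive: the index sequence is serialized in click order.
    data = ",".join(f"{ix}:{iy}" for ix, iy in indices).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def enroll(points, r=R):
    """Return the stored record: salt, per-click offsets (clear), hash."""
    salt = os.urandom(16)
    idx, offs = [], []
    for x, y in points:
        (ix, dx), (iy, dy) = _discretize(x, r), _discretize(y, r)
        idx.append((ix, iy))
        offs.append((dx, dy))
    return {"salt": salt, "offsets": offs, "hash": _digest(idx, salt), "r": r}

def verify(record, clicks):
    """True only if every click is within tolerance, in the enrolled order."""
    if len(clicks) != len(record["offsets"]):
        return False
    r = record["r"]
    # Shifting by the stored offset puts the enrolled point at the centre of
    # its segment, so any click in [x - r, x + r) maps to the same index.
    idx = [((x - dx) // (2 * r), (y - dy) // (2 * r))
           for (x, y), (dx, dy) in zip(clicks, record["offsets"])]
    return hmac.compare_digest(_digest(idx, record["salt"]), record["hash"])

# Constructed sample: five click-points on a hypothetical 451x331 image.
ENROLLED = [(100, 40), (300, 200), (52, 310), (420, 15), (230, 120)]

if __name__ == "__main__":
    rec = enroll(ENROLLED)
    print(verify(rec, [(x + 5, y - 5) for x, y in ENROLLED]))  # near clicks
    print(verify(rec, list(reversed(ENROLLED))))               # wrong order
```

The offsets are stored in the clear because the verifier needs them to rebuild the segment indices; the hash alone decides acceptance, so a stolen record does not directly reveal the click-points.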
11. Dhamija and Perrig Scheme
The user picks several pictures out of many choices and identifies them later during authentication.
12. Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
13. Pass face scheme:
In this technique, human faces are used as the password.
15. Graphical password schemes provide a way of making more human-friendly passwords while increasing the level of security.
Here the security of the system is very high.
Dictionary attacks and brute force search are infeasible.
16. The password registration and log-in processes take too long.
They require much more storage space than text-based passwords.
Shoulder surfing.