5. In this presentation what we have
A comprehensive study of the existing
graphical password techniques
Discuss the strengths and limitations of
each method
Point out future research directions
6. The two most commonly used techniques in picture password authentication
7. RECOGNITIONBASED TECHNIQUES
A user is presented with a set of images and the user passes the authentication by recognizing and
identifying the images he selected during the registration stage
RECALL BASED TECHNIQUES
A user is asked to reproduce/recreate something that he created or selected earlier during
the registration stage
8. Recognition Based Techniques
Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later
in authentication.
◦ using Hash Visualization, which,
given a seed, automatically
generate a set of pictures
◦ take longer to create graphical
passwords
password space: N!/K! (N-K)!
( N-total number of pictures; K-number of pictures selected as passwords)
9. Recognition Based Techniques
Triangle Scheme
System display a number of pass-objects (pre-selected by
user) among many other objects, user click inside the
convex hull bounded by pass-objects.
◦ authors suggest using 1000
objects, which makes the display
very crowed and the objects almost
indistinguishable.
password space: N!/K! (N-K)!
( N-total number of picture objects; K-number of pre-registered objects)
11. Recall Based Techniques
Draw-A-Secret (DAS) Scheme
User draws a simple picture on a 2D grid, the
coordinates of the
grids occupied by the picture are stored in the order of
drawing
redrawing has to touch the
same grids in the same
sequence in authentication
user studies showed the
drawing sequences is hard to
Remember
12. Recall Based Techniques
“Pass Point/ Click Point ” Scheme
User click on any place on an image to create a password. A
tolerance
around each chosen pixel is calculated. In order to be authenticated,
user must click within the tolerances in correct sequence.
can be hard to remember the
sequences
Password Space: N^K
( N -the number of pixels or smallest
units of a picture, K - the number of
Point to be clicked on )
13. Click point’s as password
1st click 2nd click 3rd click 4th click 5th click …
Click point
15. Security
Is a graphical password as secure as
text-based passwords?
◦ text-based passwords have a password space of
94^N
(94 – number of printable characters, N- length of passwords).
Some graphical password techniques can compete: Draw-A-Secret
Scheme, Pass Point Scheme.
Text passwords are Vulnerable/prone to
attacks like Dictionary attack, Brute
force attack, spyware .
16. ◦ Brute force search / Dictionary attacks
The attack programs need to automatically generate accurate mouse motion
to imitate human input, which is more difficult compared to text passwords.
◦ Guessing
◦ Social engineering
If the number of possible pictures is sufficiently
large, the possible password space may exceed that
of text-based schemes, thus offer better resistance
to dictionary attacks.
can be used to:
◦ workstation
◦ web log-in application
◦ ATM machines
◦ mobile devices
◦ databases
17. Advantages of picture password authentication
Graphical password schemes provide a way of making more human-friendly
passwords .
Here the security of the system is very high.
Here we use a series of selectable images on successive screen pages.
Dictionary attacks and brute force searches are infeasible.
18. Drawback's of picture password
Password registration and log-in process take too long.
Require much more storage space than textual/character passwords.
SHOULDER SURFING
It means watching over people's shoulders as they process information.
Examples include observing the keyboard as a person types his or her password,
enters a PIN number, or views personal information.
Because of their graphic nature, nearly all graphical password schemes are quite
vulnerable/unsafe to shoulder surfing.
21. CONCLUSION
Picture passwords are an alternative to textual alphanumeric password.
It satisfies both conflicting requirements i.e. it is easy to remember & it is
hard to guess.
By the solution of the shoulder surfing problem, it becomes more secure &
easier password scheme.
By implementing encryption algorithms and hash algorithms for storing and
retrieving pictures and points, one can achieve more security
Picture password is still immature, more research is required in this field.