Comprehensive study of the usability features of the Graphical Password

Comprehensive study of the usability

features of the Graphical Password

1

1. INTRODUCTION

2. CURRENT AUTHENTICATION METHODS

3.DRAWBACKS OF NORMAL PASSWORD

4.WHY DO WE USE GRAPHICAL PASSWORD?

5. RECOGNITION BASED TECHNIQUES

6.RECALL BASED TECHNIQUES

7.CONCLUSION

8.REFERENCES

9.WORDS OF GRATITUDE

CONTENTS

2

Current authentication methods

Token based authentication ( key cards,bank cards,smart cards)

Biometric based (fingerprint,iris scan,facial recognition)

Knowledge based (text based and picture based passwords)

3

Introduction

4

1Token based authentication

Current authentication methods

Token based authentication

( key cards,bank cards,smart cards) Biometric based

(fingerprint,iris scan,facial recognition) Knowledge based

(text based and picture based passwords)

5

Introduction

6

2,Biometric based

Current authentication methods

Token based authentication

( key cards,bank cards,smart cards) Biometric based

(fingerprint,iris scan,facial recognition) Knowledge based

(text based and picture based passwords)

7

Introduction

8

3,Knowledge baseda) text based

9

3,Knowledge basedb)picture based

Drawbacks of normal password

Easy to guess Harder passwords are not easy to remember Dictionary attack-successively trying all the

words in an exhaustive list called a dictionary Bruteforce attack-tries to use every possible

character combinations as a password Key-space is limited to 64 ASCII characters

10

Why do we use graphical password?

More secure More memorable Easier for people to use A picture worth thousand passwords Offers much larger keyspace Cued recall,which helps users to remember a

password based on picture displayed and not just memory alone

Divided into two-recognition method and recall based methods

11

12

Graphical password?

Divided into two

Recognition method Recall based methods

13

Recognition based technique

A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he or she selected during the registration stage

Methods for recognition based technique

Dhamija and Perrig algorithmSobrado and Birget algorithmJansen et al. algorithmPassface algorithm

14

Dhamija and Perrig algorithm

15

Based on hash visualization technique

16

User will be asked to select certain number of images from a set of random pictures generated by a program

Later, user will be required to identify the pre-selected images to be authenticated

Drawbacks

SHOULDER-SURFING

using direct observation techniques,

such as looking over someone's shoulder,

to get information

Longer login time

17

Sobrado and Birget algorithmOvercome the shoulder-surfing attacks

Login time can be reduced

Several schemes are there, eg.triangle scheme,moveable frame scheme,special geometric configuration scheme

18

Triangle scheme

19

20

A user needs to selects their pass-object among many displayed object

To be authenticated, a user needs to recognize all the pre-selected pass-object which was selected during the registration phase.

The user requires to click inside the convex-hull which formed by the pass-object

21

Moveable frame scheme

22

This scheme is similar to their previous scheme but, only three pass objects were involved in this technique.

One of the pass-objects is placed into the moveable frame.

To be authenticated, the user needs to rotate the frame until all the pass-object is located in a straight line

Jansen et al. algorithm

23

Select a sequence of thumbnail photo to form a password

Designed especially for mobile devices such as PDAs

24

Throughout the password creation, a user has to select the theme first e.g. sea and shore,

Afterward, a user has to selects and registers a sequence of the selected thumbnail photo to form a password .

The user needs to recognize and identify the previously seen photos and touch it by using stylus with the correct sequence in order to be authenticated

Passface algorithm

25

26

Based on the assumption that human can recall human faces easier than other pictures

User are requires to select the previously seen human face picture from a grid of nine faces which one of the face is the known face and the rest is the decoy faces

27

This step continuously repeated until all the four face is identified. User needs to recognize all the face selected during the enrollment stage. User is authenticated if all the correct face is successfully identified.

28

Takada and koike

Allow users to use their favourite image for authentication

First register their favourite images with the server

29

Recall based techniques

A user is asked to reproduce something that he or she created or selected earlier during the registration stage

Methods for recall based techniques

Passlogix scheme DAS scheme Signature scheme

30

Passlogix scheme “Repeating a sequence of actions” Creating a password by a chronological

situation

31

32

User can select their background images based on the environment, for example in the kitchen, bathroom, bedroom or etc

To enter a password, user can click and/or drag on a series of items within that image.

33

For example in the kitchen environment, user can prepare a meal by selecting cooking ingredients, take fast food from fridge and put it in the microwave oven, select some fruits and wash it in washbasin and then put it in the clean bowl.

DAS scheme“Draw-a-secret” based on two dimensional gridUsers can draw a password as long as they wish

34

Signature scheme There is no need to memorize one’s

signature and signatures are hard to fake

35

Conclusion

In this paper, we have conducted a comprehensive study of existing graphical password techniques

We have found that the graphical passwords schemes is more difficult to be cracked by using the traditional attack methods.

36

References

37

Ieee papers

www.graphicalpassword.net

R. Dhamija and A. Perrig. “Déjà vu: A User Study Using Images forAuthentication

wikipedia

THANK YOU

38

39