2. Outline
• Introduction
• Graphical Passwords
• Advantages of Graphical Passwords
• Drawbacks
• Solution To Shoulder Surfing Problem
• Usability
• Conclusion
3. INTRODUCTION
• Mostcommon computer authentication method (Text-based
passwords).
• Difficulty of remembering passwords
• easy to remember -> easy to guess
• hard to guess -> hard to remember
• Users tend to write passwords down or use the same passwords for different
accounts
• An alternative: Graphical Passwords
• Psychological studies: Human can remember pictures better than text
4. GRAPHICAL PASSWORDS
• An authentication system that works by having the user select
from images, in a specific order, presented in a graphical user
interface (GUI).
• The graphical-password approach is sometimes called graphical
user authentication (GUA).
5. CLASSIFICATION TECHNIQUES
• Recognition Based Techniques
• a user is presented with a set of images and the user passes the authentication by
recognizing and identifying the images he selected during the registration stage
• Recall Based Techniques
• A user is asked to reproduce something that he created or selected earlier during the
registration stage
6. RECOGNITION BASED TECHNIQUES
Dhamija and Perrig Scheme Sobrado and Birget Scheme
• Pick several pictures out of many • System display a number of pass-objects
choices, identify them later in
(pre-selected by user) among many other
authentication.
objects, user click inside the convex hull
• Take longer to create graphical
bounded by pass-objects.
passwords
8. Recall Based Techniques
• Draw-A-Secret (DAS) Scheme
User draws a simple picture on a 2D grid, the coordinates of the grids occupied by the picture
are stored in the order of drawing
• redrawing has to touch the
same grids in the same
sequence in authentication
9. ADVATAGES OF GRAPHICAL PASSWORDS
• Provide a way of making more human-friendly passwords while
increasing the level of security.
• On average - millions of years to break into the system.
• Dictionary attacks are infeasible.
10. DRAWBACKS
• THE SHOULDER SURFING PROBLEM
• As the name implies, shoulder surfing is watching over people's shoulders as they
process information.
• Examples include observing the keyboard as a person types his or her password, enters
a PIN number, or views personal information.
• Because of their graphic nature, nearly all graphical password schemes are quite
vulnerable to shoulder surfing. Most of the existing schemes simply circumvent the
problem by stating that graphical passwords should only be used with handheld
devices or workstations set up in such a way that only one person can see the screen at
the time of login.
• However, it is possible to create schemes to counter shoulder surfing
problem
11. SOLUTION TO SHOULDER SURFING
PROBLEM
• (1) TRIANGLE SCHEME (2) MOVABLE FRAME SCHEME
12. USABILITY
• Pictures are easier to remember than text strings
• Password registration and log-in process take too long
• Require much more storage space than text based passwords
13. CONCLUSION
• Main Argument for Graphical Passwords:
• Satisfies both conflicting requirements i.e. it is easy to remember & it is hard to guess.
• More difficult to break graphical passwords from traditional attack
methods:
• Brute Force Search
• Dictionary Attack
• Or Spyware.
• Not yet widely used, current graphical password techniques are still
immature.
• By implementing other special geometric configurations like triangle &
movable frame, one can achieve more security.