2. CONTENTS
INTRODUCTION.
WHAT IS PASSWORD?
WHAT IS GRAPHICAL PASSWORD?
COMPARISION BETWEEN ALPHA-NUMERIC &
GRAPHICAL PASSWORDS.
WHAT IS ALPHA-NUMERIC PASSWORDS?
ADVANTAGES OF GRAPHICAL PASSWORDS.
A SIMPLE GRAPHICAL PASSWORD SCHEME.
DRAWBACKS.
THE SHOULDER SURFING PROBLEM.
SOLVING THE SHOULDER SURFING PROBLEM.
3. PASSWORDS
The most commonly used form of user authentication.
The weakest links of computer security systems.
Two conflicting requirements of alphanumeric
passwords
(1) Easy to remember and
(2) Hard to guess.
Many people tend to ignore the second requirement
which lead to weak passwords. Many solutions have been
proposed. Graphical password is one of the solutions.
4. GRAPHICAL PASSWORDS
A GRAPHIICAL PASSWORD is an
authentication system that works by having the user
select from images, in a specific order, presented in
a graphical user interface (GUI). For this reason, the
graphical-password approach is sometimes called
graphical user authentication (GUA).
An example of a system that we developed uses an
image on the screen and lets the user choose a few
click points; these click points are the "password",
and the user has to click closely to these points again
in order to log in.
5. COMPARISION BETWEEN ALPHA-NUMERIC
& GRAPHICAL PASSWORDS:
Commonly used guidelines for alpha-numeric passwords
are:
The password should be at least 8 characters long.
The password should not be easy to relate to the user (e.g.,
last name, birth date).
The password should not be a word that can be found in a
dictionary or public directory.
Ideally, the user should combine upper and lower case
letters and digits.
But in graphical passwords, which consist of some actions
that the user performs on an image. Such passwords are
easier to remember & hard to guess.
6. Graphical Passwords - What A Concept!
The concept is simple: You
pick several icons to represent
your password. Then when you
want to authenticate a screen is
drawn as a challenge to which
you must respond. The screen
has numerous icons, at some
of which are your private
password icons. You must
locate your icons visually on
the screen and click somewhere
directly inside the perimeter
they create -- but not on the
icons themselves
7. A SIMPLE GRAPHICAL PASSWORD
SCHEME
The user chose these regions
when he or she created the
password. The choice for the
four regions is arbitrary, but
the user will pick places that he
or she finds easy to remember.
The user can introduce his/her
own pictures for creating
graphical passwords. Also, for
stronger security, more than
four click points could be
chosen.
8. ADVATAGES OF GRAPHICAL
PASSWORDS
Graphical password schemes provide a way of making
more human-friendly passwords while increasing the level
of security.
Here we use a series of selectable images on successive
screen pages, if there are 100 images on each of the 8
pages in an 8-image password, there are 100^8, or 10
quadrillion (10,000,000,000,000,000), possible
combinations that could form the graphical password! If
the system has a built-in delay of only 0.1 second, it
would take (on average) millions of years to break into the
system by hitting it with random image sequences.
Dictionary attacks are infeasible
9. DRAWBACKS
THE SHOULDER SURFING PROBLEM
As the name implies, shoulder surfing is watching over
people's shoulders as they process information. Examples
include observing the keyboard as a person types his or
her password, enters a PIN number, or views personal
information.
Because of their graphic nature, nearly all graphical
password schemes are quite vulnerable to shoulder
surfing. Most of the existing schemes simply circumvent
the problem by stating that graphical passwords should
only be used with handheld devices or workstations set up
in such a way that only one person can see the screen at
the time of login.
10. OUR GOAL
Due to this vulnerability to shoulder surfing, it
would appear that graphical passwords could
never be used in environments where view of the
screen is not exclusive to the person logging in.
However, it is possible to create schemes that
counter the shoulder surfing problem.
11. SOLUTION TO SHOULDER
SURFING PROBLEM
(1) TRIANGLE SCHEME
(For clarity, this collection contains only a little over 100 objects. Typical screens can fit over 1000.)
13. CONCLUSION
Graphical passwords are an alternative to textual
alphanumeric password.
It satisfies both conflicting requirements i.e. it is
easy to remember & it is hard to guess.
By the solution of the shoulder surfing problem, it
becomes more secure & easier password scheme.
By implementing other special geometric
configurations like triangle & movable frame, one
can achieve more security.