Graphical password

From HandWiki

A graphical password or graphical user authentication is a form of authentication using images rather than letters, digits, or special characters. The type of images used and the ways, in which users interact with them vary between implementations.

Content types and mechanisms

Image sequence

Graphical passwords frequently require the user to select images in a particular order or respond to images presented in a particular order.[1]

Image-generated text

See also: CAPTCHA

Another graphical password solution creates a one-time password using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password.[2][3]

Facial recognition

One system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily.[4]

Draw-a-Secret (DAS)

Draw-a-Secret is a type of graphical password that requires the user to draw a picture over a grid. The user must exactly remember the user-drawn gestures in order to be authenticated.[citation needed] A larger stroke count corresponds with an increase in security, since it is harder for an attacker to copy the strokes and the order in which they are performed.[5]

Weaknesses

When not used in a private setting, graphical passwords are typically more susceptible than text-based passwords to "shoulder-surfing attacks", in which an attacker learns the password by watching the screen, as a user gains access.[6]

References

  1. graphical password or graphical user authentication (GUA). searchsecurity.techtarget.com. Retrieved on 2012-05-20.
  2. Ericka Chickowski (2010-11-03). "Images Could Change the Authentication Picture". Dark Reading. http://www.darkreading.com/authentication/security/client/showArticle.jhtml?articleID=228200140. 
  3. "Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites">"Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites". 2010-10-28. http://www.marketwire.com/press-release/Confident-Technologies-Delivers-Image-Based-Multifactor-Authentication-Strengthen-Passwords-1342854.htm. 
  4. Butler, Rick A. (2004-12-21) Face in the Crowd. mcpmag.com. Retrieved on 2012-05-20.
  5. Oorschot, P. C. van; Thorpe, Julie (January 2008). "On predictive models and user-drawn graphical passwords". ACM Transactions on Information and System Security 10 (4): 1–33. doi:10.1145/1284680.1284685. ISSN 1094-9224. http://dx.doi.org/10.1145/1284680.1284685. 
  6. Zakaria, Nur Haryani; Griffiths, David; Brostoff, Sacha; Yan, Jeff (20 July 2011). "Shoulder Surfing Defence for Recall-based Graphical Passwords". Symposium On Usable Privacy and Security (SOUPS) 2011. http://cups.cs.cmu.edu/soups/2011/proceedings/a6_Zakaria.pdf.