Why no to text passwords??? Easy to remember ---- Easy to guess. Users tend to use same password for different accounts. An Alternative : GRAPHICAL PASSWORDS ->Humans can remember pictures better than text. ->Hard to decode. ->Overcoming SQL Injection.

1. “…For every lock,
there is someone out
there trying to pick it
or break in…”

2. DEFENCE AGAINST
LARGE SCALE ONLINE
PASSWORD GUESSING
ATTACKS BY USING
PERSUASIVE CLICK
POINTS

3. AYISHA. M. KALBURGI 8TH SEM CSE
SECAB INSTITUTE OF ENGINEERING
VIJAYAPUR

4. INTRODUCTION
Why no to text passwords?
 Easy to remember ---- Easy to guess.
 Users tend to use same password for different accounts.
An Alternative : GRAPHICAL PASSWORDS
 Humans can remember pictures better than text.
 Hard to decode.
 Overcoming SQL Injection.

5. OVERVIEW
Classification of Passwords
Knowledge based
Token based
Biometrics

6. GRAPHICAL PASSWORDS
Recognition Based Techniques.
• The user is presented with a set of images, the user
authenticates by recognizing and identifying the images he
selected at the time of registration.
Recall Based Techniques.
• The user is asked to reproduce something that he created
or selected earlier during the registration stage.

7. RECOGNITION BASED
TECHNIQUES
Dhamija and Perrig
Select several pictures out of many choices, identify them in
the selected order to authenticate.
The server needs to store the seeds of the portfolio images of
each user in plain text.
Selecting a set of pictures can be tedious and time
consuming for the user.

8. DHAMIJA N PERRIG

9. RECOGNITION BASED
TECHNIQUES
 Hong’s Methods
Allow the user to assign their
own codes to pass-object
variants.

10. RECALL BASED TECHNIQUES
 Pass point (PP)
 Password consists of an ordered sequence of five
click-points on a pixel-based image.
To login, a user must click within some system
defined tolerance region for each click-point.

11. PASS POINTS

12. RECALL BASED TECHNIQUES
Cued Click Points (CCP)
Users select one point per image for five images.
The interface displays only one image at a time.
If a user enters an incorrect click-point during
login, the next image displayed will also be
incorrect.

13. CUED CLICK POINTS

14. RECALL BASED TECHNIQUES
Persuasive Cued Click- Points (PCCP)
 During password creation, most of the image is
dimmed except for a small view port area that is
randomly positioned on the image.
 The view port can be shuffled to a specific location.

15. PERSUASIVE CLICKED
POINTS

16. DISCUSSION
 Dictionary attacks
 Graphical passwords are less vulnerable to dictionary
attacks than text-based passwords.
 Social Engineering
 It is very difficult to give away graphical passwords
over the phone or email.
 Spyware
 “Mouse tracking” spy ware maybe an effective tool
against graphical passwords.

17. PROPOSED SYSTEMS
 Automated Turing Tests(ATTs) are effective to identify
automated malicious login attempts with reasonable cost of
inconvenience to users.
 PGRP limits the total number of login attempts from
unknown host, legitimate users in most cases.
 Proposed system also provide protection against key logger
spyware.

18. APPLICATIONS
 Workstations.
 Web login applications.
 More security in ATM’s.
 Its implementation has already started in mobile devices.

19. ACCURACY
 Graphical passwords are more secure than textual
passwords.
 They are more efficient.
 They have high accuracy rate.
 Most reliable.

20. CONCLUSION
Human brain is better at memorizing graphical
passwords than text based passwords.
It is more difficult to break graphical passwords
using the traditional attack methods.
This offers more convenient login experience.
It appears suitable for organisations of both small
and large number of user accounts.

21. 