User authentication is the first phase of information security. Users should remember their passwords and recall them for authentication. Text based passwords is the traditional method for authentication. Short and simple passwords are memorable and usable but not secure. Random and lengthy passwords are secure but not memorable and usable. Graphical password schemes are introduced as alternatives to text based schemes. Few grid based authentication techniques are also proposed. The purpose of this paper is to introduce a tool to enhance the memorability and security of passwords which also provides usability. The most popular ancient Indian board game “Snakes and Ladders” is used as a tool for authentication.
A Well Known Tool Based Graphical Authentication Technique cscpconf
Authentication is the first step of information security. Authentication schemes require users to
memorize the passwords and recall them during log-in time. Traditional text-based
authentication schemes have memorability problems for secure passwords. Graphical password
schemes are introduced as alternatives to text based schemes. Many techniques have been
designed using single image or multiple images. Few grid based authentication techniques are
proposed. This paper introduces a new authentication technique based on a well known tool.
The most popular game especially in rural areas, “Snakes and Ladders” is used as a tool in
authentication technique. The usage of this tool increases the memorability and usability of
passwords.
USER AUTHENTICATION USING NATIVE LANGUAGE PASSWORDSIJNSA Journal
Information security is necessary for any organization. Intrusion prevention is the basic level of security which requires user authentication. User can be authenticated to a machine by passwords. Traditional textual passwords are vulnerable to many attacks. Graphical passwords are introduced as alternatives to textual passwords to overcome these problems. This paper introduces native language passwords for authentication. Native language character set consists of characters with single or multiple strokes. User can select one (or more) character(s) for his password. The shape and strokes of the characters are used for authentication.
The document summarizes a proposed two-round hybrid password authentication scheme. The scheme combines graphical and text passwords to improve security. In the first round, users select images from a common image set. In the second round, users click on a point of interest in a custom image and enter a text password. Analyzing the scheme, the document finds that it has a large password space resisting brute force and dictionary attacks. Keyloggers are also mitigated as the scheme involves both mouse clicks and keyboard input. The hybrid approach aims to provide stronger authentication through multiple rounds while maintaining usability.
Authentication Schemes for Session Passwords using Color and ImagesIJNSA Journal
Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
Password prevents unauthorized access to the data and also provides high security and confidentiality. Due to
various drawbacks in text based passwords, graphical password authentication was developed as an alternative.
Graphical passwords also provide more security when compared to text based. In graphical password authentication,
users click on images to set their passwords. Images are generally easier to be remembered than text. In graphical
password authentication users can set images as their password. Caesar Cipher Technique is an encryption
technique used for secure transmission of textual data. In this paper, this technique is applied for graphical
password in order to provide enhanced security to the user.
Authentication Using Graphical Passwordijceronline
This paper introduces image based captcha to protect user data or unauthorized access of information. In that password is created from images and text password. Current system is based on only text password but it has disadvantages small password mostly used and easy to remember. This type of password is easy to guess through different attack i.e. dictionary attack and brute force attack. In this paper we have proposed a new image password scheme. In this Recognition based technique is used with numerical password which provide more security and easy to remember text and graphical password.
A Study of Various Graphical Passwords Authentication Schemes Using Ai Hans P...IOSR Journals
This document summarizes and compares various graphical password authentication schemes that use recognition-based and recall-based approaches. Recognition-based schemes require users to identify pre-selected images during login, while recall-based schemes require users to reproduce a password they created. The document discusses specific schemes such as Passfaces, Déjà Vu, Draw-a-Secret, and PassPoints and analyzes the strengths and limitations of each in terms of usability, security, and password space. It concludes that recall-based schemes have advantages over text passwords but also have usability drawbacks such as taking more time to create and enter passwords.
A Well Known Tool Based Graphical Authentication Technique cscpconf
Authentication is the first step of information security. Authentication schemes require users to
memorize the passwords and recall them during log-in time. Traditional text-based
authentication schemes have memorability problems for secure passwords. Graphical password
schemes are introduced as alternatives to text based schemes. Many techniques have been
designed using single image or multiple images. Few grid based authentication techniques are
proposed. This paper introduces a new authentication technique based on a well known tool.
The most popular game especially in rural areas, “Snakes and Ladders” is used as a tool in
authentication technique. The usage of this tool increases the memorability and usability of
passwords.
USER AUTHENTICATION USING NATIVE LANGUAGE PASSWORDSIJNSA Journal
Information security is necessary for any organization. Intrusion prevention is the basic level of security which requires user authentication. User can be authenticated to a machine by passwords. Traditional textual passwords are vulnerable to many attacks. Graphical passwords are introduced as alternatives to textual passwords to overcome these problems. This paper introduces native language passwords for authentication. Native language character set consists of characters with single or multiple strokes. User can select one (or more) character(s) for his password. The shape and strokes of the characters are used for authentication.
The document summarizes a proposed two-round hybrid password authentication scheme. The scheme combines graphical and text passwords to improve security. In the first round, users select images from a common image set. In the second round, users click on a point of interest in a custom image and enter a text password. Analyzing the scheme, the document finds that it has a large password space resisting brute force and dictionary attacks. Keyloggers are also mitigated as the scheme involves both mouse clicks and keyboard input. The hybrid approach aims to provide stronger authentication through multiple rounds while maintaining usability.
Authentication Schemes for Session Passwords using Color and ImagesIJNSA Journal
Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
Password prevents unauthorized access to the data and also provides high security and confidentiality. Due to
various drawbacks in text based passwords, graphical password authentication was developed as an alternative.
Graphical passwords also provide more security when compared to text based. In graphical password authentication,
users click on images to set their passwords. Images are generally easier to be remembered than text. In graphical
password authentication users can set images as their password. Caesar Cipher Technique is an encryption
technique used for secure transmission of textual data. In this paper, this technique is applied for graphical
password in order to provide enhanced security to the user.
Authentication Using Graphical Passwordijceronline
This paper introduces image based captcha to protect user data or unauthorized access of information. In that password is created from images and text password. Current system is based on only text password but it has disadvantages small password mostly used and easy to remember. This type of password is easy to guess through different attack i.e. dictionary attack and brute force attack. In this paper we have proposed a new image password scheme. In this Recognition based technique is used with numerical password which provide more security and easy to remember text and graphical password.
A Study of Various Graphical Passwords Authentication Schemes Using Ai Hans P...IOSR Journals
This document summarizes and compares various graphical password authentication schemes that use recognition-based and recall-based approaches. Recognition-based schemes require users to identify pre-selected images during login, while recall-based schemes require users to reproduce a password they created. The document discusses specific schemes such as Passfaces, Déjà Vu, Draw-a-Secret, and PassPoints and analyzes the strengths and limitations of each in terms of usability, security, and password space. It concludes that recall-based schemes have advantages over text passwords but also have usability drawbacks such as taking more time to create and enter passwords.
Implementation of Knowledge Based Authentication System Using Persuasive Cued...IOSR Journals
This document presents a graphical password authentication system called Persuasive Cued Click Points (PCCP) that uses images and sound signatures. PCCP aims to improve usability and security over traditional text passwords. A user selects a sequence of click points, one on each of 5 images. Each click point is associated with a sound signature to help the user recall it. The system creates a profile vector from the click points. At login, the user's click points are compared to the profile vector. If they match within a tolerance level, the user is authenticated. The document discusses related work, the proposed system's algorithms and design, and concludes PCCP increases the effective password space while allowing user choice. Users found P
The document proposes two new authentication schemes for PDAs that use session passwords. Session passwords are one-time passwords generated for each login. The first scheme generates passwords based on pairs of letters from a secret text password and their intersections on a grid. The second scheme has users rate colors during registration, and session passwords are generated by the intersections of those colors on a color grid and number grid displayed during login. Both schemes aim to be resistant to dictionary attacks, brute force attacks, and shoulder surfing by changing the grids each time. The techniques were proposed to provide authentication for PDAs but require further testing for usability and effectiveness.
Presentation on Graphical password-technology to make system more securedSanjeev Kumar Jaiswal
A graphical password is an authentication system that works by having
the user select from images, in a specific order, presented in a graphical
user interface (GUI). Graphical passwords may offer better security than
text-based passwords because many people, in an attempt to memorize
text-based passwords, use plain words
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
The document describes a proposed 3D password authentication scheme. The scheme would present users with a 3D virtual environment containing various objects that they could interact with. A user's 3D password would be the specific sequence of interactions with different objects in the environment, such as typing on a virtual keyboard, providing fingerprint authentication at a device, or selecting radio channels in a virtual car. The scheme aims to combine elements of textual passwords, graphical passwords, biometrics, and tokens into a single 3D environment. Designing the virtual environment and selecting distinct object types and locations would determine the size of the possible password space. The scheme is presented as an alternative to traditional authentication methods that aims to be more secure, usable and flexible.
— A CAPTCHA means "Completely Automated
Public Turing test to tell Computers and Humans Apart". It is a
type of challenge-response test used in computing to determine
whether or not the user is human. CaRP is both a Captcha and a
graphical password scheme. CaRP addresses a number of
security problems altogether, such as online guessing attacks,
relay attacks, and, if combined with dual-view technologies,
shoulder-surfing attacks. Particularly, a CaRP password can be
found only probabilistically by automatic online guessing attacks,
even if the password is in the search set. CaRP also offers an
approach to address the well-known image hotspot problem in
popular graphical password systems, such as PassPoints, which
often leads to weak password choices. Thus, a variant to the
login/password scheme, using graphical scheme was introduced.
But it also suffered due to shoulder-surfing and screen dump
attacks. Thus it introduces a framework to proposed (IPAS)
Implicit Password Authentication System, which is protected to
the common attacks suffered by other authentication schemes.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Folder Security Using Graphical Password Authentication Schemepaperpublications3
Abstract: Now a day most of the user are facing problem for providing the security to the folder, so that it will not be accesses by the unauthorized user. Taking in action all these problems I have designed a model which will provide a best security to your folders using graphical password authentication model. Graphical passwords are an alternative to alphanumeric passwords in which users click on images to authenticate themselves rather than type alphanumeric strings. We have developed one such system, called Pass Points, and evaluated it with human users. Beginning around 1999, a multitude of graphical based password scheme which have been proposed as alternative to text based password scheme, motivated by the promise of improved password memorability and thus usability. This paper presents a detailed evaluation of the Pass Points and pattern matching password scheme which provides high level of security and provides security to your folder.
An Improving Method of Grid Graphical Password Authentication SystemIJERA Editor
Security in the computer is largely supported by passwords for authentication process. Alphanumeric passwords still remain as the most common Authentication method. This conventional authentication method has been shown to be susceptible security threats such as phishing attack, brute force attack, dictionary attack, spyware attack etc. To overcome the vulnerabilities of traditional methods, a numerous graphical password authentication systems have been designed. These graphical passwords are usually seen as complex and time consuming. Furthermore, the existing graphical passwords are susceptible to spyware and shoulder surfing attacks. In this system we propose this 2 step random colored grid graphical password scheme to abolish the above mentioned well known security threats. Considering the drawbacks of the existing graphical password systems, we have proposed a robust graphical password scheme, which is highly adaptable for traditional desktop systems, smart phones and other web applications
SHUFFLED INPUT GRAPHICAL PASSWORD AUTHENTICATION SCHEMES BUILT ON CAPTCHA TEC...ijiert bestjournal
When we consider the online service or desktop appl ication there is major issue of security breaching. Old password schemes has some drawbacks like hacking of password,shoulder-surfing attack as far as password is con cern,online password guessing attack,relay attack. Hence there must be system that provides good solution for suc h password cracking attacks. There are many solutions for it a nd various password schemes available that achieves this. The main drawback of these schemes is that users have t o deal with complicated and tedious steps as far as registration and login of user is concern as its logic contains some intense AI processes. These complicated AI pro cesses are exhaustive for common user of the system. In this p aper we proposed authentication scheme which consis t of graphical password based captcha challenge image. I t consists of both a captcha and a graphical passwo rd schemes. We extend the use of captcha as human present recog nition as well as graphical password hence it provi des all benefits of captcha and make system more powerful f rom security point of view.
Authentication plays a major role in Digital environment. In this environment we have different methods which generally use alphanumeric characters and special characters for password creation. These methods have some problems like hard to remember password because it has no meaning and easily breakable by third parties or attackers. To address these issues, many techniques for authentication are proposed from which graphical password method is best in terms of cost and usage. Basically, Graphical passwords use images for password creation and it has some demerits like hotspot and shoulder surfing problem. A persuasive cued click-point based method reduces hotspot problem. To prevent persuasive cued click-point based method from shoulder surfing we include one time password. For more user convenience we provide two login
methods one which requires internet and other which does not
require internet.
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...IRJET Journal
This document proposes a Multi-facet Password Scheme (MAPS) for mobile authentication called Chess-based MAPS (CMAPS) that combines information from multiple facets (types of information) to generate passwords. CMAPS uses gestures on a chessboard interface to create passwords with a larger password space than 4-digit PINs or 8-character passwords, improving security. User studies showed CMAPS achieved high memorability while exceeding the security of standard passwords. The document reviews related work in graphical passwords, mobile authentication schemes, and gamification of security mechanisms. It also outlines threats assumed for the mobile authentication system, including a stolen device and an attacker unable to access data through other means.
The document proposes a 3-D graphical authentication system as an alternative to traditional textual passwords. It describes users having difficulty with passwords that are hard to remember but easy to crack. The proposed system uses a 3-D virtual environment where the password is a sequence of interactions with objects. This combines elements of recognition, recall, tokens, and biometrics. Guidelines for designing the virtual environment include making it similar to real life and ensuring objects are unique and distinguishable. The system could protect critical systems by offering a very large password space through its multi-factor approach.
Investigating the Combination of Text and Graphical Passwords for a more secu...IJNSA Journal
Security has been an issue from the inception of computer systems and experts have related security issues with usability. Secured systems must be usable to maintain intended security. Password Authentication Systems have either been usable and not secure, or secure and not usable. Increasing either tends to complicate the other.
Text passwords are widely used but suffer from poor usability, reducing its security. Graphical Passwords, while usable, does not seem to have the security necessary to replace text passwords. Attempts using text or graphics only have mixed results. A combination password is proposed as a potential solution to the problem.
This paper explores combination as a means of solving this password problem. We implemented three password systems: Text only, Graphics only and a Combination of Text and Graphics. Remote evaluations were conducted with 105 computer science students. Results from our evaluations, though not conclusive, suggest promise for combination passwords.
IRJET- Graphical user Authentication for an Alphanumeric OTPIRJET Journal
This document discusses graphical passwords as an alternative to traditional alphanumeric passwords. It summarizes different types of graphical password authentication techniques, including recognition-based systems where users select images during registration and later identify those images to log in. It also discusses recall-based systems where users recreate a password by clicking or drawing on images. The document proposes using a one-time password (OTP) with graphical passwords to enhance security against shoulder surfing attacks, where the OTP provides information about which items to click in an image for authentication. Overall, the document analyzes the security and usability advantages of graphical passwords compared to traditional text-based passwords.
Count based hybrid graphical password to prevent brute force attack and shoul...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
The document proposes a new 3D password authentication technique that aims to overcome limitations of existing authentication schemes like textual and graphical passwords. A 3D password involves navigating a 3D virtual environment and interacting with virtual objects in a certain sequence. This provides a large password space and allows combining multiple authentication factors like passwords, biometrics and smart cards. The document discusses designing 3D environments, creating 3D passwords, applications and advantages like increased security. Potential limitations include requiring sophisticated technology and being difficult for blind users.
A Well Known Tool Based Graphical Authentication Technique cscpconf
Authentication is the first step of information security. Authentication schemes require users to
memorize the passwords and recall them during log-in time. Traditional text-based
authentication schemes have memorability problems for secure passwords. Graphical password
schemes are introduced as alternatives to text based schemes. Many techniques have been
designed using single image or multiple images. Few grid based authentication techniques are
proposed. This paper introduces a new authentication technique based on a well known tool.
The most popular game especially in rural areas, “Snakes and Ladders” is used as a tool in
authentication technique. The usage of this tool increases the memorability and usability of
passwords.
The document proposes two new authentication schemes for PDAs that use session passwords. Session passwords are one-time passwords generated for each login. The first scheme generates passwords based on pairs of letters from a secret text password and their intersections on a grid. The second scheme has users rate colors during registration, and session passwords are generated by the intersections of those colors on a color grid and number grid displayed during login. Both schemes aim to be resistant to dictionary attacks, brute force attacks, and shoulder surfing by changing the grids each time. The techniques were proposed to provide authentication for PDAs but require further testing for usability and effectiveness.
The document discusses graphical password authentication as an alternative to text-based passwords. It proposes a new approach using colors and image-based authentication to combat shoulder surfing attacks. The proposed method requires users to register with a username and password. During login, they authenticate through a series of image-based challenges where they must click on points within color-coded images in the correct sequence. This adds randomness to improve security against shoulder surfing compared to traditional text passwords. The summary provides an overview of the problem addressed, the proposed solution, and the expected benefits of increased security and usability.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
Implementation of Knowledge Based Authentication System Using Persuasive Cued...IOSR Journals
This document presents a graphical password authentication system called Persuasive Cued Click Points (PCCP) that uses images and sound signatures. PCCP aims to improve usability and security over traditional text passwords. A user selects a sequence of click points, one on each of 5 images. Each click point is associated with a sound signature to help the user recall it. The system creates a profile vector from the click points. At login, the user's click points are compared to the profile vector. If they match within a tolerance level, the user is authenticated. The document discusses related work, the proposed system's algorithms and design, and concludes PCCP increases the effective password space while allowing user choice. Users found P
The document proposes two new authentication schemes for PDAs that use session passwords. Session passwords are one-time passwords generated for each login. The first scheme generates passwords based on pairs of letters from a secret text password and their intersections on a grid. The second scheme has users rate colors during registration, and session passwords are generated by the intersections of those colors on a color grid and number grid displayed during login. Both schemes aim to be resistant to dictionary attacks, brute force attacks, and shoulder surfing by changing the grids each time. The techniques were proposed to provide authentication for PDAs but require further testing for usability and effectiveness.
Presentation on Graphical password-technology to make system more securedSanjeev Kumar Jaiswal
A graphical password is an authentication system that works by having
the user select from images, in a specific order, presented in a graphical
user interface (GUI). Graphical passwords may offer better security than
text-based passwords because many people, in an attempt to memorize
text-based passwords, use plain words
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
The document describes a proposed 3D password authentication scheme. The scheme would present users with a 3D virtual environment containing various objects that they could interact with. A user's 3D password would be the specific sequence of interactions with different objects in the environment, such as typing on a virtual keyboard, providing fingerprint authentication at a device, or selecting radio channels in a virtual car. The scheme aims to combine elements of textual passwords, graphical passwords, biometrics, and tokens into a single 3D environment. Designing the virtual environment and selecting distinct object types and locations would determine the size of the possible password space. The scheme is presented as an alternative to traditional authentication methods that aims to be more secure, usable and flexible.
— A CAPTCHA means "Completely Automated
Public Turing test to tell Computers and Humans Apart". It is a
type of challenge-response test used in computing to determine
whether or not the user is human. CaRP is both a Captcha and a
graphical password scheme. CaRP addresses a number of
security problems altogether, such as online guessing attacks,
relay attacks, and, if combined with dual-view technologies,
shoulder-surfing attacks. Particularly, a CaRP password can be
found only probabilistically by automatic online guessing attacks,
even if the password is in the search set. CaRP also offers an
approach to address the well-known image hotspot problem in
popular graphical password systems, such as PassPoints, which
often leads to weak password choices. Thus, a variant to the
login/password scheme, using graphical scheme was introduced.
But it also suffered due to shoulder-surfing and screen dump
attacks. Thus it introduces a framework to proposed (IPAS)
Implicit Password Authentication System, which is protected to
the common attacks suffered by other authentication schemes.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Folder Security Using Graphical Password Authentication Schemepaperpublications3
Abstract: Now a day most of the user are facing problem for providing the security to the folder, so that it will not be accesses by the unauthorized user. Taking in action all these problems I have designed a model which will provide a best security to your folders using graphical password authentication model. Graphical passwords are an alternative to alphanumeric passwords in which users click on images to authenticate themselves rather than type alphanumeric strings. We have developed one such system, called Pass Points, and evaluated it with human users. Beginning around 1999, a multitude of graphical based password scheme which have been proposed as alternative to text based password scheme, motivated by the promise of improved password memorability and thus usability. This paper presents a detailed evaluation of the Pass Points and pattern matching password scheme which provides high level of security and provides security to your folder.
An Improving Method of Grid Graphical Password Authentication SystemIJERA Editor
Security in the computer is largely supported by passwords for authentication process. Alphanumeric passwords still remain as the most common Authentication method. This conventional authentication method has been shown to be susceptible security threats such as phishing attack, brute force attack, dictionary attack, spyware attack etc. To overcome the vulnerabilities of traditional methods, a numerous graphical password authentication systems have been designed. These graphical passwords are usually seen as complex and time consuming. Furthermore, the existing graphical passwords are susceptible to spyware and shoulder surfing attacks. In this system we propose this 2 step random colored grid graphical password scheme to abolish the above mentioned well known security threats. Considering the drawbacks of the existing graphical password systems, we have proposed a robust graphical password scheme, which is highly adaptable for traditional desktop systems, smart phones and other web applications
SHUFFLED INPUT GRAPHICAL PASSWORD AUTHENTICATION SCHEMES BUILT ON CAPTCHA TEC...ijiert bestjournal
When we consider the online service or desktop appl ication there is major issue of security breaching. Old password schemes has some drawbacks like hacking of password,shoulder-surfing attack as far as password is con cern,online password guessing attack,relay attack. Hence there must be system that provides good solution for suc h password cracking attacks. There are many solutions for it a nd various password schemes available that achieves this. The main drawback of these schemes is that users have t o deal with complicated and tedious steps as far as registration and login of user is concern as its logic contains some intense AI processes. These complicated AI pro cesses are exhaustive for common user of the system. In this p aper we proposed authentication scheme which consis t of graphical password based captcha challenge image. I t consists of both a captcha and a graphical passwo rd schemes. We extend the use of captcha as human present recog nition as well as graphical password hence it provi des all benefits of captcha and make system more powerful f rom security point of view.
Authentication plays a major role in Digital environment. In this environment we have different methods which generally use alphanumeric characters and special characters for password creation. These methods have some problems like hard to remember password because it has no meaning and easily breakable by third parties or attackers. To address these issues, many techniques for authentication are proposed from which graphical password method is best in terms of cost and usage. Basically, Graphical passwords use images for password creation and it has some demerits like hotspot and shoulder surfing problem. A persuasive cued click-point based method reduces hotspot problem. To prevent persuasive cued click-point based method from shoulder surfing we include one time password. For more user convenience we provide two login
methods one which requires internet and other which does not
require internet.
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...IRJET Journal
This document proposes a Multi-facet Password Scheme (MAPS) for mobile authentication called Chess-based MAPS (CMAPS) that combines information from multiple facets (types of information) to generate passwords. CMAPS uses gestures on a chessboard interface to create passwords with a larger password space than 4-digit PINs or 8-character passwords, improving security. User studies showed CMAPS achieved high memorability while exceeding the security of standard passwords. The document reviews related work in graphical passwords, mobile authentication schemes, and gamification of security mechanisms. It also outlines threats assumed for the mobile authentication system, including a stolen device and an attacker unable to access data through other means.
The document proposes a 3-D graphical authentication system as an alternative to traditional textual passwords. It describes users having difficulty with passwords that are hard to remember but easy to crack. The proposed system uses a 3-D virtual environment where the password is a sequence of interactions with objects. This combines elements of recognition, recall, tokens, and biometrics. Guidelines for designing the virtual environment include making it similar to real life and ensuring objects are unique and distinguishable. The system could protect critical systems by offering a very large password space through its multi-factor approach.
Investigating the Combination of Text and Graphical Passwords for a more secu...IJNSA Journal
Security has been an issue from the inception of computer systems and experts have related security issues with usability. Secured systems must be usable to maintain intended security. Password Authentication Systems have either been usable and not secure, or secure and not usable. Increasing either tends to complicate the other.
Text passwords are widely used but suffer from poor usability, reducing its security. Graphical Passwords, while usable, does not seem to have the security necessary to replace text passwords. Attempts using text or graphics only have mixed results. A combination password is proposed as a potential solution to the problem.
This paper explores combination as a means of solving this password problem. We implemented three password systems: Text only, Graphics only and a Combination of Text and Graphics. Remote evaluations were conducted with 105 computer science students. Results from our evaluations, though not conclusive, suggest promise for combination passwords.
IRJET- Graphical user Authentication for an Alphanumeric OTPIRJET Journal
This document discusses graphical passwords as an alternative to traditional alphanumeric passwords. It summarizes different types of graphical password authentication techniques, including recognition-based systems where users select images during registration and later identify those images to log in. It also discusses recall-based systems where users recreate a password by clicking or drawing on images. The document proposes using a one-time password (OTP) with graphical passwords to enhance security against shoulder surfing attacks, where the OTP provides information about which items to click in an image for authentication. Overall, the document analyzes the security and usability advantages of graphical passwords compared to traditional text-based passwords.
Count based hybrid graphical password to prevent brute force attack and shoul...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
The document proposes a new 3D password authentication technique that aims to overcome limitations of existing authentication schemes like textual and graphical passwords. A 3D password involves navigating a 3D virtual environment and interacting with virtual objects in a certain sequence. This provides a large password space and allows combining multiple authentication factors like passwords, biometrics and smart cards. The document discusses designing 3D environments, creating 3D passwords, applications and advantages like increased security. Potential limitations include requiring sophisticated technology and being difficult for blind users.
A Well Known Tool Based Graphical Authentication Technique cscpconf
Authentication is the first step of information security. Authentication schemes require users to
memorize the passwords and recall them during log-in time. Traditional text-based
authentication schemes have memorability problems for secure passwords. Graphical password
schemes are introduced as alternatives to text based schemes. Many techniques have been
designed using single image or multiple images. Few grid based authentication techniques are
proposed. This paper introduces a new authentication technique based on a well known tool.
The most popular game especially in rural areas, “Snakes and Ladders” is used as a tool in
authentication technique. The usage of this tool increases the memorability and usability of
passwords.
The document proposes two new authentication schemes for PDAs that use session passwords. Session passwords are one-time passwords generated for each login. The first scheme generates passwords based on pairs of letters from a secret text password and their intersections on a grid. The second scheme has users rate colors during registration, and session passwords are generated by the intersections of those colors on a color grid and number grid displayed during login. Both schemes aim to be resistant to dictionary attacks, brute force attacks, and shoulder surfing by changing the grids each time. The techniques were proposed to provide authentication for PDAs but require further testing for usability and effectiveness.
The document discusses graphical password authentication as an alternative to text-based passwords. It proposes a new approach using colors and image-based authentication to combat shoulder surfing attacks. The proposed method requires users to register with a username and password. During login, they authenticate through a series of image-based challenges where they must click on points within color-coded images in the correct sequence. This adds randomness to improve security against shoulder surfing compared to traditional text passwords. The summary provides an overview of the problem addressed, the proposed solution, and the expected benefits of increased security and usability.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
1) The document proposes an image-based password authentication system that uses RSA encryption. In the system, users select click points on images to create a password. These click points are encrypted using RSA cryptography for improved security.
2) During registration, a user provides information and selects click points on images to create their password. These passwords are stored in a database after RSA encryption. For login, the user must select the same click points. If incorrect, the account can be locked after multiple tries.
3) The system was implemented using C# and MySQL. Experimental results show the registration, authentication, and password retrieval processes working as intended to provide a more secure alternative to text-based passwords.
Abstract - A password is a sequence of characters used to determine whether the user is authenticated or not. Nowadays most of the password is text-based. Since text based password is hard to remember people try to use simple memorable password such as pet names, phone number, etc. which are easy to break by intruders. The main idea behind the paper is to replace the text-based passwords by image based password and encrypt using RSA algorithm. Our experimental result shows that image passwords are easy to remember, better than the text.
TEXTUAL passwords have been the most widely used authentication method for decades. Comprised of number sand upper- and lower-case letters, textual passwords are considered strong enough to resist against brute force
attacks. However, a strong textual password is hard to memorize and recollect .Therefore, users tend to choose passwords that are either short or from the dictionary, rather than random alphanumeric strings.
Various graphical password authentication schemes
were developed to address the problems and weaknesses associated with textual passwords. Based on some studies such as those in , humans have a better ability to memorize images with long-term memory(LTM) than verbal representations. Image-based passwords were proved to be easier to recollect in several user studies As a result, users can set up a complex authentication password and are capable of recollecting it after a long time even if the memory is not activated periodically.
The human actions such as choosing bad passwords for
new accounts and inputting passwords in an insecure way for later logins are regarded as the weakest link in the authentication chain [16]. Therefore, an authentication scheme should be designed to overcome these vulnerabilities.
In this paper, we present a secure graphical authentication system named Pass Matrix that protects users from becoming victims of shoulder surfing attacks when inputting passwords in public through the usage of one-time login indicators. A login indicator is randomly generated for each pass-image and will be useless after the session terminates. The login indicator provides better security against shoulder surfing attacks, since users use a dynamic pointer to point out the position of their passwords rather than clicking on
the password object directly.
Passblot: A Highly Scalable Graphical One Time Password SystemIJNSA Journal
User authentication is necessary to secure the data and process on Internet and in digital devices. Static text based authentication are most widely employed authentication systems for being inexpensive and highly scalable. But they are prone to various types of active and passive attacks. The constant need of extending them to increase security is making them less usable. One promising alternative is Graphical
authentication systems, which if implemented properly are more secure but have their own drawbacks. In this paper, we discuss in detail the extension of our previous work Passblot [18], a unique graphical authentication system. It generates pseudo random one time passwords using a set of inkblots, unique to
each user. Properties of one time passwords ensure the resistance towards various common attacks and the uniqueness of human perception makes it usable. We demonstrate how our system effectively mitigates various attacks and analyse the results from various experiments conducted.
A novel multifactor authentication system ensuring usability and securityijsptm
User authentication is one of the most important part of information security. Computer security most
commonly depends on passwords to authenticate human users. Password authentication systems will be
either been usable but not secure, or secure but not usable. While there are different types of authentication
systems available alphanumeric password is the most commonly used authentication mechanism. But this
method has significant drawbacks. An alternative solution to the text based authentication is Graphical
User Authentication based on the fact that humans tends to remember images better than text. Graphical
password authentication systems provide passwords which are easy to be created and remembered by the
user. However, the main issues of simple graphical password techniques are shoulder surfing attack and
image gallery attack. Studies reveals that most of the graphical passwords are either secure but not usable
or usable but not secure. . In this paper, a new technique that uses cued click point graphical password
method along with the use of one-time session key is proposed. The goal is to propose a new authentication
mechanism using graphical password to achieve higher security and better usability levels. The result of
the system testing is evaluated and it reveals that the proposed system ensures security and usability to a
great extent.
This document summarizes research on improving login authentication by providing a graphical password system. It discusses limitations of traditional text passwords, such as being vulnerable to guessing attacks. The proposed system allows users to select a personal image during registration and authenticate by selecting a region of that image. An experiment found the system reduced guessing attacks compared to text passwords. The document provides details on implementing the system, including storing selected image coordinates during registration and verifying the coordinates during login. It presents results showing the system encouraged more secure passwords compared to text passwords.
A graphical password authentication system (ieee 2011) 1Shaibi Varkey
The document proposes a graphical password authentication system that combines graphical and text-based passwords. It describes how the system works: users select points of interest (POIs) on an image and associate text with each during registration. For login, users must correctly select the POIs in the correct order and provide the associated text. The system was implemented using Visual Basic .NET and aims to achieve the memorability of graphical passwords with the security of text-based passwords through multiple authentication factors.
The document describes a proposed graphical password authentication system that integrates sound signatures. The system uses a Cued Click Points (CCP) scheme where users select one click point on each of five images as their password. Additionally, users select a sound signature for each click point to help recall the password. Evaluation showed the system had better usability, accuracy and speed than other authentication methods. Users found selecting one click point per image aided by sound signatures was easier than alternatives. The system addresses limitations of prior work by making password cracking more difficult through the addition of sound signatures.
This document summarizes a project on graphical password authentication. It presents an introduction to the topic, discussing problems with traditional alphanumeric passwords. It then outlines the objectives of the project, which are to design a new graphical password technique that is resistant to shoulder surfing and other attacks. The document reviews several relevant research papers on graphical passwords and their usability and security. It provides an system requirements and architecture diagram for the proposed system. Finally, the conclusion discusses how graphical passwords can provide greater security than traditional text passwords.
Authentication Scheme for Session Password using matrix Colour and Text IOSR Journals
The most common method used for authentication is Textual passwords. But textual passwords are
in risk to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are
introduced as alternative techniques to textual passwords. Most of the graphical schemes are helpless to
shoulder surfing. To address this problem, text can be combined with images or colors to generate session
passwords for authentication. Session passwords can be used only once and every time a new password is
generated. In this paper, two techniques are proposed to generate session passwords using text and colors
which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
A Graphical Password Scheme using Persuasive Cued Click PointsIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...IOSR Journals
This document describes a graphical password authentication technique called Persuasive Cued Click Based Graphical Password with Scrambling. The technique aims to encourage users to select stronger passwords while maintaining memorability. It uses a picture and persuades users to click points on the image in a certain order and number as their password. The images are scrambled during login to make image recognition more complex and protect against common attacks on graphical passwords. The scrambling technique and persuasive cues are meant to address security and usability issues with traditional text passwords and other authentication methods.
Graphical password authentication using Pass facesIJERA Editor
Authentication is one of the most important security primitive. Alphanumeric password authentication is most widely used authentication mechanism. This mechanism has been shown to have several drawbacks and is prone to various attacks such as brute force attack, shoulder surfing attack, dictionary attack. Thus to overcome the drawbacks of alphanumeric passwords, we propose Graphical passwords as an alternative to alphanumeric passwords. This is because humans tend to remember visuals better than text. This paper attempts to highlight the existing graphical Passface system, its usability features and then develop a new graphical password system that combines both graphic and texts passwords to fortify the authentication process on desktop systems.
A Survey of User Authentication Schemes for Mobile DeviceIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
Defenses against large scale online password guessing attacksdhanyashree11
This document summarizes research on graphical password authentication techniques. It begins by discussing weaknesses in traditional text-based passwords, such as being easily guessed. It then discusses how graphical passwords that use images aim to address these weaknesses by being more memorable and having a larger password space. The document conducts a comprehensive survey of existing graphical password techniques, classifying them into recognition-based and recall-based approaches. It also discusses major design and implementation considerations and aims to answer whether graphical passwords are as secure as text passwords.
IRJET- Graphical Password to Avoid Shoulder SurfingIRJET Journal
This document proposes a graphical password system to avoid shoulder surfing attacks. It involves a wheel divided into inner and outer circles with randomly arranged characters and numbers in each segment. Colors are assigned to each segment. To enter a password character, the user rotates the wheel clockwise or counterclockwise to align the correct color with the character segment, then selects inner or outer circle. This is intended to confuse observers and prevent password detection during entry, improving security for confidential systems while being low-cost. The system aims to provide shoulder surfing resistance without using expensive biometric authentication.
Similar to An Ancient Indian Board Game as a Tool for Authentication (20)
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Sinan KOZAK
Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
An Ancient Indian Board Game as a Tool for Authentication
1. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
DOI : 10.5121/ijnsa.2011.3414 154
An Ancient Indian Board Game as a Tool for
Authentication
Sreelatha Malempati1
and Shashi Mogalla2
1
Department of Computer Science and Engineering
RVR & JC College of Engineering, Guntur, A.P.
e-mail: lathamoturi@rediffmail.com
2
Department of Computer Science and System Engineering
Andhra University College of Engineering, Visakhapatnam, A.P
e-mail: smogalla2000@yahoo.com
Abstract: User authentication is the first phase of information security. Users should remember their
passwords and recall them for authentication. Text based passwords is the traditional method for
authentication. Short and simple passwords are memorable and usable but not secure. Random and lengthy
passwords are secure but not memorable and usable. Graphical password schemes are introduced as
alternatives to text based schemes. Few grid based authentication techniques are also proposed. The
purpose of this paper is to introduce a tool to enhance the memorability and security of passwords which
also provides usability. The most popular ancient Indian board game “Snakes and Ladders” is used as a
tool for authentication.
Keywords: Intrusion prevention, Graphical passwords, Snakes & Ladders game,
memorability of passwords .
1. INTRODUCTION
Authentication refers to the process of confirming or denying an individual’s claimed identity.
User authentication is the first phase of information security. Users should remember their
passwords and recall them for authentication. Current authentication methods can be divided
into three main areas: Knowledge based authentication, token based authentication and biometric
based authentication. Knowledge based authentication techniques are most widely used and
include text-based and picture-based passwords. Credit card is an example for token based
authentication technique. Fingerprints, iris scan, or facial recognition are examples of biometric
based authentication. The major drawbacks of token based and biometric based authentication
methods are expensive and requires special devices. Textual passwords are first choice for
authentication by humans. Due to the limitation of human memory, users generally choose the
passwords which are easy to remember. The strength of the password depends on size of the
memorable password space rather than full password space. Short and simple passwords are
memorable and usable but not secure. Random and lengthy passwords are secure but not
memorable and usable. Graphical password schemes are introduced as alternatives to text based
schemes.
Strong password policies[1] may be adopted by the organizations for secure passwords. Those
policies typically increase the burden on the users’ ability to remember the passwords [2]. For
an effective authentication scheme, passwords must be memorable, usable and secure.
According to DTI survey[3], an average user has to remember three different job-related user
IDs and passwords. Some employees need to remember more than 10 passwords. In addition,
each user has to remember many personal passwords for banking, e-commerce, email accounts
2. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
155
and social networking accounts. As the number of passwords to remember increase, it is difficult
for the human to recall the passwords.
Graphical authentication schemes are introduced as alternatives to text-based passwords.
Cognitive studies have shown that people are much better at recognizing previously seen images
than at recalling text precisely. Graphical password schemes can be grouped into three classes
based on the type of cognitive activity required to remember the password: recognition, pure
recall, and cued recall [4,5]. Recognition is the easiest one for human memory whereas pure
recall is most difficult since the information must be accessed from memory without cues.
Traditional password schemes are examples for pure recall. Cued recall provides cues to users
that are associated with the password which helps to recall their passwords [5].
The short and simple passwords are easy to remember. But it is easy to break the password.
Random and lengthy passwords are more secure but difficult to remember. This paper proposes
to use a tool to select lengthy and memorable passwords. Psychology studies have revealed that
the human brain is better at recognizing and recalling images than text[6 ]. A cued recall scheme
is used to increase the memorability of passwords. As a well known tool is being used for
password memorability and security, it also provides usability of passwords .
Snakes and ladders is an ancient Indian board game that is now a worldwide classic. It is played
between 2 or more players on a playing board with numbered grid squares. On certain squares
on the grid are drawn a number of "ladders" connecting two squares together, and a number of
"snakes" also connecting squares together. The size of the grid (most commonly 8×8, 10×10 or
12×12) varies from board to board. Each player starts with a token in the starting square and
takes turns to roll a single die to move the token by the number of squares indicated by the die
roll, following a fixed route marked on the gameboard from the bottom to the top of the playing
area, passing once through every square. If, on completion of this move, they land on the lower-
numbered end of the squares with a "ladder", they can move their token up to the higher-
numbered square. If they land on the higher-numbered square of a pair with a "snake" they must
move their token down to the lower-numbered square. The winner is the player whose token first
reaches the last square of the track. This game is used for authentication to improve the
memorability, usability and security of passwords. This tool is especially useful for rural people
to remember lengthy passwords.
This paper is organized as follows: Related work is presented in section 2; in section 3 the
authentication scheme based on the tool is proposed; security analysis is done in section 4; user
study is given in section 5 and conclusion is proposed in chapter 6.
2. RELATED WORK
Many graphical authentication schemes have been proposed. Blonder[7 ] suggested a technique,
whereby a password is created by having the user click on several locations on an image. During
authentication, the user must click on the approximate areas of those locations. Dhamija and
perrig [8] proposed a graphical authentication scheme in which the user selects certain number
of images from a set of random pictures during registration. Later user has to identify the pre-
selected images for authentication. The users are presented a set of pictures on the interface,
some of them taken from their portfolio, and some images selected randomly. For successful
authentication, users have to select ‘their’ pictures amongst the distractors. Weinshall and
Kirkpatrick [9] proposed authentication schemes picture recognition, object recognition &
pseudo word recognition and declared that pictures are most effective than the other two
proposed schemes. More graphical password schemes have been summarized in a recent survey
paper [10].
3. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
156
Few grid based schemes are proposed which uses recall method. Jermin et al [11] proposed a
technique called “Draw A Secret” (DAS) where a user draws the password on a 2D grid. The
coordinates of this drawing on the grid are stored in order. During authentication user must
redraw the picture. The user is authenticated if the drawing touches the grid in the same order.
The major drawback of DAS is that diagonal lines are difficult to draw and difficulties might
arise when the user chooses a drawing that contains strokes that pass too close to a grid-line.
Users have to draw their input sufficiently away from the grid lines and intersections in order to
enter the password correctly. If a user draws a password close to the grid lines or intersections,
the scheme may not distinguish which cell the user is choosing.
Wiedenbeck et al [12 ] proposed PassPoints in which passwords could be composed of several
points on an image. They examined the usability of PassPoints in three separate in-lab user
studies to compare text passwords to PassPoints and to verify the usability of PassPoints .
Goldberg et al[13 ] conducted a small scale user study on a similar scheme Passdoodle. Thirteen
participants took part in the study and each of them was asked to draw passdoodles using a pen
and paper, rather than in a real system. Passdoodles were required to consist of at least two
strokes and could be drawn in multiple colors. A doodle is considered as a full match if it is
drawn in exactly the same order as when the user initially drew the passdoodle, and is
considered as a visual match if it is not a full match due to stroke order, stroke direction, or
number of strokes. They found that the order in which a password is drawn introduced much
complexity to graphical passwords and suggested to neglect the order.
Chiasson et al[14 ] proposed a cued-recall graphical password technique. Users click on one
point per image for a sequence of images. The next image displayed is based on the previous
click point so users receive implicit feedback as to whether they are on the correct path when
logging in. A wrong click leads down an incorrect path, with an explicit indication of
authentication failure only after the final click. The visual cue does not explicitly reveal right or
wrong but is evident using knowledge only the legitimate user should possess.
Luca et al [15] evaluated different authentication techniques for ATM usage. During the
experimentations they found that many users tend to support their memory for their 4-digit-PINs
by incorporating the layout of the digits on the number pad and the shape resulting from these
spatial relations. Figure 1 shows an example: when entering the PIN 7197 a triangle is made on
the number pad. This shape is used by many users to support their memory.
Figure 1: A shape used to remember the PIN 7-1-9-7
Luca et al[16] in the PassShapes concept, eliminate PINs as authentication tokens and used
simple geometric shapes instead. These PassShapes are composed of strokes. There are eight
different possible strokes defined which are shown in Figure 2. Several strokes consecutively
4. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
157
drawn without lifting the pen are called a stroke sequence. A PassShape itself may consist of
several stroke sequences which may be disconnected shapes.
Figure 2: The eight different strokes used in the PassShapes concept
PassShapes can be represented by an alphanumeric string for internal processing and storage.
Each stroke has a corresponding character representation as depicted in Figure 2, where the
letters indicate the stroke directions: an ‘L’ stands for ‘left’, an ‘R’ stands for right etc. whereas
the numbers refer to the direction equivalent to the position of the number on a standard number
pad (i.e. ‘7’ corresponds to ‘top left’). A pen-up event separating two stroke sequences is marked
with an ‘X’. An example for internal representation of PassShape is U93DL9L3XU3U. For
authentication the user has to reproduce his PassShape either using a touch screen, touch pad or
another pointing device. The important aspect is that the strokes of a PassShape are always
drawn in the same order, which additionally supports memorability.
The tool based graphical authentication technique is proposed to increase the memorability of
passwords[17].This is a well known tool all over the world. M Sreelatha et al[18] proposed
shoulder-surfing resistant techniques for PDAs based on images and text. User has to remember
pairs of images or pairs of image and text. M Sreelatha et al[19] proposed shoulder-surfing
resistant techniques where actual passwords are mapped on to new passwords which makes
intruder’s task difficult.
3. AUTHENTICATION SCHEME USING “SNAKES AND LADDERS”
Authentication scheme consists of three steps: password registration, password entry and
password verification. User creates the password during registration. During login time, user
has to enter the password selected by him during registration. Then system verifies the password
to authenticate the user. The three important aspects of the password are memorability, usability
and security. A good authentication technique should enhance the three aspects.
In order to increase the memorability of passwords, it is proposed to use Snakes and ladders
board game. The size of the grid varies from board to board. Most common sizes are 8×8, 10×10
or 12×12. As the board is familiar to all users, the usbility is more. The users are able to
remember a sequence of grid cells or ladders or snakes for their password. As they are familiar
with the board game , the ladders and snakes it is easy for the users to remember the passwords.
5. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
158
Fig 3: Snakes & ladders
The password can be sequence of three steps i.e. four grid cells in sequence. {18426081} is an
example of a password which indicates moves from grid cell 18 to 42, from grid cell 42 to 60
and from grid cell 60 to 81(18 42 60 81). User can select his favorite moves, and enter the
grid cells of the sequence of moves as password during registration. During login time, he enters
the same sequence as password for authentication. As a numeric value, it is not possible to
remember that number. But with the help of board game, it is possible to remember the
password.
The advantage of using this tool is no modification is required on the server side. On the client
side, this board can be displayed on the screen to help the user to recollect his password.
4. SECURITY ANALYSIS
The Tool is proposed to increase the memorability of passwords. With the help of the tool, it is
possible to select lengthy passwords. Lengthy passwords automatically increases the security.
Complexity
Generally the board game consists of 100 cells. For a password with three moves the total
password space is 100 x 99 x 98 x 97 theoretically. But, practically the password space may be
less than that value. Users may not select all the grid cells with equal priority, they may
concentrate only on snakes or ladders. If the user skips all the snakes and considers only ladders
for his password, then the password space will be reduced a lot which makes the intruder’s task
easy. Solution for this problem is to use a game board which is having a picture in each cell.
Now the user concentrates not only on snakes or ladders but also the pictures. He can select his
favorite pictures and the numbers of those cells can be used for authentication.
Character coding
Instead of cell numbers of the moves, it is possible to use character codes to increase the
password space.. The board which we use for password should contain pictures in all cells. Each
grid cell is having a picture. User has to select four grid cells for three moves and for the pictures
in the grid cells user has to assign some code (2 to 4 characters) which he can recollect by seeing
the pictures. During registration, he creates the password by entering the code of all grid cells
selected by him in sequence. During login, he enters the password for authentication. Suppose
the password contains the moves{46 50 63 66}. The codes are “sari, bila, ramu, sony”.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
159
Fig 4: snakes and Ladders with pictures
The story behind these codes is, user assumed for grid cell 46 – “I have a mango color sari”, for
grid cell 50- “This tree is in the centre of our village bila”, for grid cell 63 –“ My daughter calls a
crow as ramu” and for grid cell 66 – “She looks like my aunty sony”. Then the password is
“saribilaramusony” which consists of 16 characters. This password is difficult to remember, but
with help of game board, it is easy to remember. The password “sariBilaRamuSony” even
increases the strength of the password. Characters can be combined with numbers to form
alphanumeric password. “sari50ramu66” is an example for alphanumeric password. Special
characters can be assigned to some pictures in the grid cells. If the password contains 16
characters, then the password space is 2616
for alphabets, 3616
for alphanumerics and even more
when special symbols are included in the password..
Attacks
Dictionary attack may not be possible because the passwords selected may not be having any
meaning and may not be in the dictionary. Exhaustive search attacks may be difficult because of
the lengthy passwords. Guessing may be successful if only snakes and ladders are on the board.
Are used. If the board contains pictures, then it may be difficult to break the password. Social
engineering is also difficult because even user may not be able to remember the password
without looking at the board. Though this authentication scheme is vulnerable to shoulder
surfing, because of the lengthy password it requires hidden cameras to observe the password.
Shoulder-surfing resistance: The limitation of the technique is shoulder-surfing vulnerability.
To make the authentication technique shoulder-surfing resistant , some mapping is required from
actual password to some session password. An interface grid will be displayed with 0-9 digits
randomly placed in grid cells as shown in fig 5. The number of each cell is to be used to get a
digit from the grid. The first digit is used to refer to row and second digit is used to refer to
column and the intersecting element becomes part of the password. For an eight password, after
mapping a four digit session password can be obtained.
7. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
160
Fig 5: login interface
Based on the grid cells selected by the user and the interface generated , every time a new
session password is entered by the user. For example, for the password {18426781}, the session
password is {6770}. The technique reduces the size of the password for digits. The technique is
made as shoulder-surfing resistant at the cost of usability and some security.
An alternative method for shoulder-surfing resistance is shown in figure 6. Each two
digit number can be mapped on to a two bit number resulting in equal length binary
password. For every login , the bits are randomly placed in the grid and it generates a
new session password. For an 8 digit password, the session password contains 8 bits and
the complexity of finding grid cells is 25 4
.
Fig 6 : login interface with two symbols
5. USER STUDY
User study is conducted with 30 student participants. Initially the participants were asked to
select a password of length 6/8/10 digits and enter it on a paper. An even no. of digits password
is considered because except the first 9 cells, every grid cell consists of a two digit number and it
is easy to map the cells with numbers. First 9 grid cells can be considered as numbers from 00 to
09. The participants are divided into 3 groups to select passwords of different lengths, each
group consisting of 10 members. At the end of the first week and the second week, after
selecting the password, the participants again entered their password on a paper for verification.
The following results were obtained by verifying the passwords with original passwords(table
1). From the results, it is understood that it is difficult to remember lengthy passwords.
8. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
161
Table 1 : Results of memorability study
Length of the
password
After first week
Memorability
After second week
Memorability
6 digits 0.9 0.7
8 digits 0.7 0.6
10 digits 0.5 0.3
An initial session was conducted to explain the scheme and to show the game board to the
participants. The game board is displayed on a screen to make them familiar with the game.
Then, the participants were informed to select grid cells on the board making moves for his
password. In the selection of grid cells, they can have their own story or concept to make moves.
Similar to the previous one, participants entered their passwords on a paper. At the end of first
and second weeks, after selecting the password the participants entered their password on a
paper again, this time with the help of the game board. After verification, it is observed that all
participants are able to remember their password (table 2).
Table 2 : Results of memorability study with the help of game board
Length of the
password
After first week
Memorability(%)
After second week
Memorability(%)
6 digits 1.0 1.0
8 digits 1.0 1.0
10 digits 1.0 0.9
After analysis, we observed that the participants concentrated on snakes and ladders only for the
selection of password and they are able to remember the password without fail. But with this
type of selection, the total password space is reduced. We requested the participants to select
character codes for their password and we gave them some time for practice. Later, we repeated
the same process and the results are shown in table 3.
Table 3 : Results of memorability study with the help of game board
Length of the
password
After first week
Memorability(%)
After second week
Memorability(%)
3*4 characters 0.9 0.8
4*4 characters 0.8 0.6
5*4 characters 0.7 0.5
The frequency of use has influence on memorability. Most frequently used systems increase the
memorability of passwords. In the case of character codes, it is observed that by increasing the
frequency of logins, there is lot of improvement in memorability.
9. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
162
The results showed that “Snakes and Ladders” game is a promising tool to increase the
memorability of the password. 80% of the participants are interested in game board and 70% of
the participants are willing to use the game board as a regular tool. The rest of 80% are ready to
use the game board only for lengthy passwords. This indicates the usability of the tool. The
remaining 20 % of the participants are not interested in even selecting a lengthy password.
6. CONCLUSION
In general people select short and simple textual passwords to remember them easily. It makes
intruder’s task easy. Random and lengthy passwords are difficult to remember but provides more
security. Graphical passwords are introduced as alternatives to textual passwords. This paper
proposed an authentication system which uses “Snakes and ladders” board game to select
lengthy and memorable passwords. The board size is generally 10x10 with 100 grid cells. The
game consists of number of snakes and ladders. Users can make their favorite moves between
grid cells and selects each cell number in the move as part of the password. There is no need to
remember the password, user has to remember his favorite moves.
User study is done as paperwork. User study made it clear that the tool has promising results in
increasing the memorability of passwords. The usage of well known tool provides usability and
the lengthy passwords enhances security. The memorability and usability of character codes
should be studied as future work. The user study should be done extensively using systems.
The current study did not concentrate on time requirements. Actually, it is also important that
how much time is required to enter a password using the specified tool. It is the future work to
find minimum time and maximum time required to enter a password during login.
REFERENCES
[1] Department of Defense Computer Security Center, "Department of Defense Password
Management Guideline," Department of Defense, Washington, DC CSC-STD-002-85, April 12
1985.
[2] J. Yan, A. Blackwell, R. Anderson, and A. Grant, "Password Memorability and Security:
Empirical Results," IEEE Privacy & Security, vol. 2, pp. 25-31, 2004.
[3] DTI SURVEY (2006) DTI information security breaches survey. [WWW document]
http://www.pwc.co.uk/pdf/pwc_dti-fullsurveyresults06.pdf. GAW S and FELTEN EW (2006)
Password management strategies for online.
[4] Davis, D., F. Monrose, and M.K. Reiter. On User Choice in Graphical Password Schemes. 13th
USENIX Security Symposium, 2004.
[5] Renaud, K. Evaluating Authentication Mechanisms. Chapter 6 in Cranor, L.F., S. Garfinkel.
Security and Usability. O’Reilly Media, 2005.
[6] Nelson, D.L., U.S. Reed, and J.R. Walling. Picture Superiority Effect. Journal of Experimental
Psychology: Human Learning and Memory 3, 485-497, 1977.
[7] G. E. Blonder, "Graphical passwords," in Lucent Technologies, Inc., Murray Hill, NJ, U. S.
Patent, Ed. United States, 1996.
[8] R. Dhamija, and A. Perrig. “Déjà Vu: A User Study Using Images for Authentication”. In 9th
USENIX Security Symposium, 2000.
[9] D.Weinshall and S. Kirkpatrick, "Passwords You’ll Never Forget, but Can’t Recall," in
Proceedings of Conference on Human Factors in Computing Systems (CHI). Vienna, Austria:
ACM, 2004, pp. 1399-1402.
10. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011
163
[10] X. Suo, Y. Zhu, and G. S. Owen, "Graphical passwords: A survey," 21st Annual Computer
Security Applications Conference (ASCSAC 2005). Tucson, 2005.
[11] Jermyn, I., Mayer A., Monrose, F., Reiter, M., and Rubin., “The design and analysis of graphical
passwords” in Proceedings of USENIX Security Symposium, August 1999.
[12] Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A., Memon, N. 2005. PassPoints: Design and
longitudinal evaluation of a graphical password system. In: International Journal of Human-
Computer Studies (HCI Research in Privacy and Security) 63, 102-127.
[13] J. Goldberg, J. Hagman, V. Sazawal, "Doodling Our Way To Better Authentication", CHI '02
extended abstracts on Human Factors in Computer Systems, 2002.
[14] Sonia Chiasson, P.C. van Oorschot and Robert Biddle, “Graphical Password Authentication
Using Cued Click Points”.
[15] De Luca, A., Weiss, R., Drewes, H. Evaluation of Eye-Gaze Interaction methods for Security
Enhanced PIN-Entry. In: Proceedings of OZCHI 2007, Adelaide, Australia, 28 – 30.11.2007.
[16] A. D. Luca, R. Weiss, and H. Hussmann, "PassShape : stroke based shape passwords," in
Proceedings of the conference of the computer-human interaction special interest group
(CHISIG) of Australia on Computer-human interaction: design: activities, artifacts and
environments. 28-30 November 2007, Adelaide, Australia, pp. 239-240.
[17] Sreelatha Malempati and Shashi Mogalla, “A well known tool based Graphical Authentication
technique”, CCSEA 2011, CS & IT 02, pp. 97-104, DOI : 10.5121/csit.2011.1211
[18] M Sreelatha, M Shashi, M Anirudh, Md Sultan Ahamer, V Manoj Kumar, “Authentication
Schemes for session passwords using color and images”, IJNSA Vol.3, No.3, May 2011,
DOI : 10.5121/ijnsa.2011.3308