USABILITY AND SECURITY OF GRAPHICAL USER
AUTHENTICATION APPROACHES
BY
NOVEMBER, 2024
1
� TABLE OF CONTENT
TITLE PAGE
EXECUTIVE SUMMARY
INTRODUCTION
PROBLEMS STATEMENT
OBJECTIVES AND SCOPE
LITERATURE REVIEW
METHODLOGY
EXPECTED RESULT
PROJECT PLAN
CONCLUSION
REFERENCES
EXECUTIVE SUMMARY
2
�The Project proposes a new technique of user Authentication that is
Graphical Password Authentication using Images Sequence. In
existing environment, a very important problem in information
security is user authentication. There are many authentication
techniques like textual, graphical, biometric, smart card etc. The
existing graphical authentication techniques based on images
selection are not good enough because in these techniques images
are predefined by the system. In this paper, a new technique is
proposed. In this method, user will upload images from his/her
personal gallery/directory for password selection and images
uploaded by one user will not be visible to other user. Graphical
password is used as an alternative to textual/traditional
alphanumeric password. Traditional alphanumeric password is
difficult to memorize and usually forget by users as times passes
when user remain unattached from the system, but in case of
graphical password there are less chances to forget password
because people remember images more easily than text based
password. There are also less chances for hackers to steal the
graphical based password because hackers will be unable to access
the images uploaded by the user as password.
INTRODUCTION
Data security and user authentication is a basic factor for
information security. Internet is providing accessibility to desired
information resources across the globe. Every organization, social
network, or any other platform try to provide better security to their
users which is accurate and more secure for users. Authentication of
user is basic component of any information system because it
provides the ability to the user to access the system. Old security
techniques which are using from a long time, provide less security
for authentication than the advance security techniques. In the
3
�perspective of information security there may be following main
objectives of authentication or security.
How to keep away an unauthorized user from gaining access to
system?
How to ensure the accessibility of authorized users to the required
resources of system?
How to communicate user with system and with other resources
[1]?
As described by the researchers and psychological studies that it is
nature of humans that they remember images better than text,
therefore the password which is graphical based, can be used
alternatively to text based password [2]. Password comprises of
data which is used to access to required resources of system.
Password is kept secret from other users so that an unauthorized
user can’t access the resources of system and can’t steel the
personal information of the authorized users. Authentication can be
done through several techniques like Textual/Alphanumeric, Smart
Card, Bio-metric, Graphical etc. [3]. Each technique provides its own
ability that can be regarded as secure. In this time user
authentication regarded as a key feature of information security.
PROBLEMS STATEMENT
Textual or Alphanumeric Password Authentication
Textual/Alphanumeric (it can also be called as text based password)
is a string or word of combined characters which are used to prove
the authorized users. This technique for user authentication is
commonly used for a long time because this technique has many
advantages but in the advance time there are more chances to steal
the password by hackers. To minimize the risk of stealing password,
the password should be minimum of eight characters with
4
�uppercase, lowercase, special characters and alphanumeric
characters. Alphanumeric password should not be meaningful
contents like your first or second name, your age, your date of birth,
your school name etc.
Lack(s):
Text based password is difficult to memorize for user because for
a good security, password should be lengthy, alphanumeric and
include special characters. If user use his password on daily
basis, then password will easily memorize and if user didn’t use
password for a long time then there is chances to forget
password.
To minimize the risk of forget password many users save their
password in text file in the computer or write down on the paper.
Saved password file can also steal by other users. Hackers can
break the security which is text based.
Attackers use some “Spy” software (Key Listener and Key
Logger) which can be easily install in the computer, these soft-
ware recorded the key strokes and save in the text file and these
kind of software have also ability to send the saved key strokes
to email address or an outside source.
Users have difficulty remembering complex, pseudo-random
passwords over time.
OBJECTIVES AND SCOPE
Firstly, Graphical Password idea was given by Blonder in 1996,
which states that an image should appear on given screen and user
should select some regions by clicking on the image, if the selected
regions of image are correct then the user will be authenticated.
User authentication using graphical technique is now very common.
Organizations or companies are trying to adopt this authentication
5
�technique. On the web images are also using as re-captcha to know
the types of user. Images as re-captcha provide advanced security.
Using images for authentication is easy for human and hard for
robots that’s why every organization or company try to adopt this
technique.
The objectives of the study are as follows:
To keep away an unauthorized user from gaining access to
system.
To ensure the accessibility of authorized users to the required
resources of system.
Passwords should be easy to remember, and the user
authentication protocol should be executable quickly and easily
by humans.
Passwords should be secure, i.e., they should look random and
should be hard to guess; they should be changed frequently, and
should be different on different accounts of the same user; they
should not be written down or stored in plain text.
SCOPE OF THE STUDY
In future it has great scope. It can be used everywhere instead of
text-based password .We can increase the security of this system by
increasing the number of levels used, the number of tolerance
squares used.
LITERATURE REVIEW
G. E, Blonde, proposed graphical password authentication technique
first time. According to introduced technique user can select some
click points to choose password from predefined image in the
registration phase. At the time of login, user selects those points
6
�which were selected in registration phase, if these points matched
then user is identified as authorized user.
Nikam proposed a graphical password scheme based on text. During
registration phase eight different colors are shown to users. User
can select only one color to set password. During login phase a
circle having eight sectors with a unique colored arc and 64 letters
divided in sectors (each sector with 8 letters) randomly is shown to
the user. User can choose the sector which contained letter of
password and then user drags it into the sector with colored arc
which was selected during registration.
Lashkari proposed a new technique in which authentication of user
is done by selection of images through different size of grids. During
registration phase if user selects images to choose password from a
4*4 size of grid then at the time of login phase user selects images
to choose password from 3*3, 5*5 or 6*6 size of grid. Size of grid
during registration and login is different.
Umar et al. presented a new authentication technique based on
images. During registration user selects desire image and then
clicks on different points of image. It is necessary for user to
remember number of clicked points, order of clicked points and the
time interval between two clicked points. During login user clicks on
image points which was clicked during registration.
Rane et al. proposed a new draw based graphical password
technique in which during login phase images are shown to user.
User selects several images in order to choose password. After this
user choose one image from selected images and clicks to draw
secret. During login phase user draws secret which was in the
registration phase. Sequence of clicks is not necessary.
Albayati, proposed a new authentication scheme based on decoy
image portions. During registration phase user uploads image from
mobile gallery regarding image details and choose complexity level
7
�of image. During login phase, system shows sub-images which
belong to original image and base on complexity level selected
during registration phase. System adds decoy sub-images. User
choose original sub-images for identification.
Syed, S. et al. proposed new authentication scheme based on
images with sound sequence. During registration phase user
provides basic information such as id, password, phone number etc.
After this user selects predefined images in desire sequence and
then select pixels on images and in the last user selects sound
signature corresponding to images as password. In login phase user
select pixels from registered images and select sound signature for
verification. This technique is more secure but it consumes more
time in registration phase and in login phase as well.
METHODLOGY
Top-down model was adopted in designing the Authomatic Graphics
Approaches . The result of the analysis was broken down into
different components where the design is started from the main
component down to the elementary components. The System was
categorized into three (3) major subsystems which are; admin
subsystem, and User subsystem. Each of the listed subsystems
above has a different user privileges to use the system.
Admin subsystem, here the user of this subsystem has the following
privileges; add/delete/update records and information of the entire
system. This subsystem is further broken down into; add images,
assign images and report. In the listed subsystems the administrator
can delete, add, and update the subsystem information.
User subsystem, unlike the admin subsystem here most privileges
are taken away, the user can only activate Login, view a Login
record or Password he/she was assign to choose.
8
� EXPECTED RESULT
The introduced technique is based on graphical images. In previous
techniques user selects a set of images but these images were
predefined but in the introduced technique user will upload images
from personal directory of computer. Sequence of images is key
factor of introduced authentication technique. In this technique user
will upload images at the time of registration for the sake of
password and for login, user will have to select the images which
were uploaded at the time of registration
PROJECT PLAN
S/N WORK DONE WEEK DEPENDECY
1 INTROUCTION 1 -
2 LITERATURE REVIEW 2 -
3 ANALYSIS AND DESIGN 3 1
4 PROGRAM TESTING 4 2
5 PROGRAM IMPLEMENTATION 5 3,4
6 SUMMARY 6 5
S/N WORK DONE W1 W2 W3 W4 W5 W6 W7
1 INTROUCTION
2 LITERATURE REVIEW
3 ANALYSIS AND DESIGN
4 PROGRAM TESTING
9
�5 IMPLEMENTATION
6 SUMMARY
10
� CONCLUSION
This project described about graphical password authentication technique using images
sequence. The introduced technique is based on the improvements in previous techniques
introduced by the researchers, in this research system has been developed that allows the user to
upload 4-6 images from his/her personal gallery or directory. Proposed system followed the
sequence of images which were uploaded during registration. Sequence/order of images and
number of images are key factor of proposed system. Images uploaded by one user are not visible
to other or unauthorized user.
11
� REFERENCES
"Password," in Wikipedia, Wikimedia Foundation, 2017. [Online].
Available: https://en.wikipedia.org/wiki/Password. Accessed: Jan. 24,
2017.
S. Ramanan, and B. J S, "A Survey on Different Graphical Password
Authentication Techniques," International Journal of Innovative
Research in Computer and Communication Engineering, vol. 2, issue
12, pp. 7594– 7602, Dec. 2014.
M. Burnett, and D. Kleimann, “Perfect passwords: Selection,
protection, authentication,” United States: Syngress Media, U.S.,
2005.
H. A. Kute, and D. N. Rewadkar, "Continuous User Identity
Verification Using Biometric Traits for Secure Internet Services,"
International Journal of Innovative Research in Computer and
Communication Engineering, vol. 3, issue. 8, pp. 7352–7357,
Aug.2015.
A. H. Lashkari, A. Gani, L. G. Sabet, and S. Farmand, "A new
algorithm on Graphical User Authentication (GUA) based on multi-
line grids," Scientific Research and Essays, vol. 5(24), pp. 3865–
3875, Dec. 2010.
12
