Login
Login

Graphical password

A graphical password or graphical user authentication is a form of authentication using images rather than letters, digits, or special characters. The type of images used and the ways, in which users interact with them vary between implementations.

Content types and mechanisms

=Image sequence=

Graphical passwords frequently require the user to select images in a particular order or respond to images presented in a particular order.

=Image-generated text=

{{seealso|CAPTCHA}}

Another graphical password solution creates a one-time password using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password.

=Facial recognition=

One system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily.

= Draw-a-Secret (DAS) =

Draw-a-Secret is a type of graphical password that requires the user to draw a picture over a grid. The user must exactly remember the user-drawn gestures in order to be authenticated.{{Citation needed|date=August 2023}} A larger stroke count corresponds with an increase in security, since it is harder for an attacker to copy the strokes and the order in which they are performed.{{Cite journal|last1=Oorschot|first1=P. C. van|last2=Thorpe|first2=Julie|date=January 2008|title=On predictive models and user-drawn graphical passwords|url=http://dx.doi.org/10.1145/1284680.1284685|journal=ACM Transactions on Information and System Security|volume=10|issue=4|pages=1–33|doi=10.1145/1284680.1284685|s2cid=3849996 |issn=1094-9224|citeseerx=10.1.1.216.5451}}

Weaknesses

When not used in a private setting, graphical passwords are typically more susceptible than text-based passwords to "shoulder-surfing attacks", in which an attacker learns the password by watching the screen, as a user gains access.

References

{{reflist|refs=

Butler, Rick A. (2004-12-21) [http://mcpmag.com/reviews/products/article.asp?EditorialsID=486 Face in the Crowd]. mcpmag.com. Retrieved on 2012-05-20.

[http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1001829,00.html graphical password or graphical user authentication (GUA)]. searchsecurity.techtarget.com. Retrieved on 2012-05-20.

{{cite web |url=http://www.darkreading.com/authentication/security/client/showArticle.jhtml?articleID=228200140 |title=Images Could Change the Authentication Picture |author=Ericka Chickowski |publisher=Dark Reading |date=2010-11-03}}

"Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites">{{cite web|url=http://www.marketwire.com/press-release/Confident-Technologies-Delivers-Image-Based-Multifactor-Authentication-Strengthen-Passwords-1342854.htm|title=Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites|date=2010-10-28|access-date=2015-07-25|archive-date=2013-05-30|archive-url=https://web.archive.org/web/20130530231425/http://www.marketwire.com/press-release/Confident-Technologies-Delivers-Image-Based-Multifactor-Authentication-Strengthen-Passwords-1342854.htm|url-status=dead}}

{{cite web|url=http://cups.cs.cmu.edu/soups/2011/proceedings/a6_Zakaria.pdf|last1=Zakaria|first1=Nur Haryani|last2=Griffiths|first2=David|last3=Brostoff|first3=Sacha|last4=Yan|first4=Jeff|title=Shoulder Surfing Defence for Recall-based Graphical Passwords|work=Symposium On Usable Privacy and Security (SOUPS) 2011|date=20 July 2011}}

}}

Category:Password authentication