Based on predetermined clickpoint grids graphical passwordscheme, an improvement on DAS (in term of grids) techniques was developed by Hai Tao in 2006. This technique was known as PassGo. It design based on old Chinese board game known as GO. PassGo was design to suite computer based used and can be implement on bigger grids that increase password space for DAS-type graphical passwordscheme. This method however does not show any similarity with DAS technique where there is no free move drawing work requires on authentication process. This method is better suite repeating a selection technique. In this technique, user is requiring to touch on grid intersection instead of grids cells symmetry drawing (Tao, H., 2006) on authentication process. The touch grid is determined by user during enrolment process. This method was also designed with graphical referencing aided which look like a checker board for each 9 by 9 grids.
In 2012, pixel value graphical passwordscheme  was introduce to solve the previously developed graphical password complexity and password vulnerability. Before its development, most of the graphical passwordscheme was involving click on image password such as Blonder’s method  and PassPoint method . By the end of 2010, click-based method was implemented widely as the additional log in security media . There are also a few developments on draw-based graphical password such as signature drawing  and PassGo method . Some of the developed graphical passwordscheme is complex as a method by Sobrado &
Abstract: Security based primitives is emerging in exciting new paradigm for protection, but has been underexplored. In this paper a new security primitive is used called as click based graphical passwordscheme, which comes under the family of graphical password systems which is one of the top technology called Captcha which we call Captcha as graphical passwords (CaRP). Consumers usually choose passwords that are unforgettable and are easy for aggressors to guess, but the strong system allotted passwords are hard for users to recall. Mostly protection primitives are based on complex and difficult mathematical complications. Utilizing Artificial Intelligence problems for security is issuing as a new prototype. A new protection primitive is introduced based on strong and complex AI problems which is known as Captcha as Graphical Password (CaRP). Notably, a CaRP based password can alternatively be detected by automatic online estimating attacks. CaRP it extends sensible protection and usability and comes out to fit well with some practical examples for bettering online security
Vemuri et al proposed a 3-level security  where text based authentication, image based authentication and OTP to email are used at first, second and third level respectively. Here, introduction of various levels increments security. Even if an intruder is able to cross first two levels, crossing third level requires intruder to have an access to the original user’s email id. A 3-level password authentication scheme by Varghese et al  uses image ordering, color pixels and the one time password. In this scheme OTP generation is accomplished using SHA-1and MD5. A unique 3 Level Authentication and Authorization system presented by Meena et al  uses a combination of recognition and recall based techniques. First level is based on username-password authentication. At second level user identifies the image that he had set his click points on, during registration phase from a grid of 16 images. At third level an OTP is delivered to user on his registered number that he has to submit to complete authentication. Aldwairi et al  proposed a multistage authentication system that consists of three different stages based on two authentication factors. First stage uses possession based factor- devices’ serial number where system checks the device serial number to authenticate the user .The second stage uses knowledge based graphical passwordscheme where user has to highlight at least m right squares from a grid of n independent squares. In the final stage, he has to select s images in a specific order to get authenticated.
Hence the existing system consists of registration of users will be presented with an image of where it may have sequence of clicks to create the passwords. During the login time the user will be asked to make the same sequence of clicks on the same image to login. The proposed scheme is based on multiple images with a sequence of clicks. Hence it increases the combination rate of guessing attack which provides higher security. It has the length of the sequence based on user preference.
Secret Sharing was described in 1979 independently by Shamir and Blakley and has since triggered numerous papers describing properties and uses of secret sharing schemes. The canonical use of secret sharing schemes is to distribute a long term key, such as a private key to a major bank, in a manner that prevents a single break-in from compromising the entire system. Recently this mechanism has been used to distribute the long term key signing key of the Domain Name System Security Extensions (DNSSEC) root zone with a ( )-threshold scheme . In the event of the necessity to generate this key, 5 of these 7 individuals will have to meet at a base in the United States.
Our study analyses the challenges in developing secure graphical password schemes as well as guidelines set in existing literature for secure graphical schemes and from that define a set of rules defining a model for a secure graphical passwordscheme. We note from literature that for secure and efficient visual password schemes, the allowed passwords should be easy to remember for ease of usability for the user but also be complex to offer resistance to guessing and shoulder-surfing attacks. From this we observe that the success of a visual passwordscheme is highly dependent on the type of images the passwordscheme uses. The current implementations of visual passwords have all been shown to be problematic after analysis through user trials. Searchmetric password schemes pose problems in having to allocate memory to store the passwords and their associated decoys while locimetric and drawmetric schemes pose problems for users trying to precisely reproduce their password as originally drawn. All visual passwordscheme are further shown to be more prone to shoulder-surfing attacks as they are bigger are thus more visible than textual passwords. We conclude that an efficient visual passwordscheme should therefore take into account properties stated in Table 1.
The most common computer authentication method is to use alphanumerical usernames and passwords. This method has been shown to have significant drawbacks. For example, user tends to pick passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical passwordscheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
The most common computer system uses the password schemes for security purpose. We develop Graphical password as alternatives to biometry and text password.becouse text password is hard to remember and graphical password is easy to remember for human being. Our graphical passwordscheme is recognition-based not the recall based. In this paper, we present invovative graphical password which is combination of Text, Number and Images. The user start with identifying the symbol from 6*6 grid formed using 36 blocks which contains 26 alphabets, 10 numbers that is 0 to 9 and images to effectively defeat prevalent from social hacking, at time of registration user have to select 4 alphabet and 2 numbers and for login user have to remember only six images in order ,if order is mismatched you cannot login. In this we use remote keyboards and disable of mouse right click.
From last many years, the most popular user authentication approachis the text-based passwordscheme in which a user entersa login name and password for getting access to any kind of application on the computer system. After some years we come to know that, despite of its wide usage, thetextual passwords have a number of short comes. Thesimple and straightforward textual passwords are easy toremember, and at the same time they are more vulnerable for attackers tobreak . So to avoid this one should enter the complex and arbitrary passwords that makes the system more secure, resisting the brute forcesearch and dictionary attacks, but the difficulty lies inretaining them , as with the growing use of digital activities any single users have many numbers of password. But instead of all that, textual passwords areliable to the shoulder-surfing, hidden cameras, and spywareattacks.
This region based authentication passwordscheme happens between the cloud user accessing cloud services and local server, cloud service providers. The figure 1 shows cloud user selected gestures on an image. The figure 2 shows the overall working of the scheme. Initially the cloud user (1) connects with the local server and (2) acknowledgement is sent to the cloud user, after successful connection establishment. In this process if the cloud user is not registered, the user selects gestures (3) on image position, size and gesture parameters which are stored in a local server. If the cloud user is registered, new selected gestures is validated with the old saved gestures(4) in the local server. After a successful local server establish connection between the cloud user and service provider.
The 4D passwordscheme combines features of all the existing authentication schemes like text and graphics passwords, biometric scanning techniques, token recognisation schemes and adds two new features i.e. it uses a virtual 3D environment and a gesture recognisation system. It is also a very powerful against attacks. The first two layers text and graphics can be easily broken via conventional brute force and shoulder surfing techniques. The 3D layer is harder to crack but the addition of gestures makes it stronger since gestures are based on an individual person and his physique which is something the attacker cannot replicate. Also 4D Passwordscheme ensures that the user is physically present to access the system and hacker is not hacking the system remotely.
ABSTRACT: The 3d password is multi_password & multifactor declared system as it uses different techniques such as textual password. Most important part of 3d passwordscheme is involved of 3d virtual environment. The sizeable increase of computer usage has given growth to many security concerns. One main security concern is declared, which is the process of ratify who you are to whom you claimed to be. In this paper we have introduced our donation towards 3D Password to become more secure & more users pleasant to users of all categories. This piece also extension regarding what is 3D password, working of 3D password design, some arithmetic thought linked to 3D password, applications of system etc. The majority imperative fraction of 3d open sesame proposal is enclosure of 3d fundamental background. A 3d practical background consists of authentic moment in time objective scenario. It is not an authentic existent instance environment, it is just a consumer boundary provide to method which look like a real atmosphere. This authentication format is other highly urbanized than any supplementary scheme as we can coalesce any accessible or forthcoming scheme. Moreover this proposal is tough to split & uncomplicated to bring into play. In this dissertation we have introduce our payment towards 3D secret word to compose it more safe and sound & more intelligible to user of all category. This document also explain functioning of 3D secret word proposal, some arithmetic impression interrelated to 3D open sesame, application of method etc. These entire concepts are momentarily introduced & explain in this manuscript segment clever.
passwords will continue to be in use for quite some time . Traditionally, password authentication schemes require that whenever a user logs in, the submitted password is verified with the already stored password table in the system. Although this method can prevent the passwords from being disclosed, there are several issues. This method is not resistant to replaying previously intercepted password and the contents of the plain password table can be modified by a malicious personality . According to Taekyoung , the user passwords have very low entropy and they are hard to transmit securely over an insecure channel. Secondly, the password files are hard to protect. Taekyoung further suggests that, to be effective, this password- based solution should have an amplified passwordscheme and an amplitude password file, which is similar to the concepts underlining the Zero-Knowledge proofs. Taekyoung describes a new efficient password-based protocol for defeating the guess- based attack. Their protocol uses a one-time pad to encrypt the session key securely and a strong one-way hash function for integrity.
OTSSPAS successfully addresses the 13 promi- nent password-related attacks. A password file compromise on the server will only result in leaking the temporary User Verifiers, UV and the Password Verifier, PV, but not the Message Authentication Code ( MAC ) which is actually used in verifying both verifiers. The use of the MAC has also provided a One-Time Server Spe- cific PasswordScheme for OTSSPAS because the MAC used in identifying each user is com- puted dynamically with respect to the challenge the user receives from the server as well as the server’s identity. Hence, OTSSPAS is clearly resilient to message replay attack, and malicious server attack. The server is involved with only a total of 4 computations of a one-way forward hash function in order to authenticate each user in OTSSPAS. This shows that the computational load on the server is less, which in turn enhances the efficiency of OTSSPAS. Finally, the evalua- tion results show that OTSSPAS can prevent 13 related password attacks.
Shoulder surfing attack can be minimized using text and color based on graphical passwordscheme that was proposed by . This method needs the user to choose the length of the password which is between 8 to 15 characters and chooses one color as his pass color from 8 colors that are given by the system. As the seven colors remaining, it will be the decoy colors. As usual, users also need to register an e-mail address for re-enabling his account when he enters a wrong password. The most important things in this scheme are user need to carried the registration process in an environment that is free from shoulder surfing. During the login process, a circle will display which is composed of 8 sectors of equal size when a user sends a login request. The colors of the arcs of each sector are different that can be identified by the color of its arc. Besides, there is a button for rotating the circle clockwise, anti-clockwise, the “confirm” button and the “login” button as well . The user has to rotate the sector which contains the characters of the password and has to move the character in the sector which color is selected by the user until they have their password. As the conclusion, the system that proposed which uses text and color based graphical password is useful to reduce the shoulder surfing attack. Using this authentication method, the user can log in the system without caring about shoulder surfing because they can enter their password without using the physical keyboard. The user can also easily and efficiently login to the system if they use this authentication method as they are familiar with both passwordscheme that is textual password and color based graphical password.
Abstract-- Nowadays, user authentication is one of the important topics in information security. Text-based strong passwordscheme can provide security to a certain degree. However, the fact that strong passwords being difficult to memorize often leads their owners to write them down on papers or even save them in a computer file. Recently, many networks, computer system and Internet-based environments try using graphical authentication techniques as their user’s authentication. Here we are presenting proposed scheme as Graphical password authentication Scheme based on Color Image Gallery which is very useful for any computer related application such as web authentication, desktop &laptop logins, critical servers. Keywords--- Graphical Password, Image Recognition
Abstract: A new security primitive for new graphical authentication scheme based on hard artificial intelligence problems. Number of graphical passwordscheme has been proposed as options to traditional to text password authentication, namely a new family of graphical password system for Captcha technology with the level of security. We propose a new scheme using CAPTCHA (Completely Automated Public Turing Tests to Tell Computers and Humans Apart) that continuing the advantages of graphical password system; Graphical password using Captcha (RPuC) is a both Captcha and graphical passwordscheme, RPuC covers a number of security problem altogether, such as online guessing attack, relay attack and shoulder-surfing attacks. The level of security maintained and is improved here by the level Captcha we also developed the primitives options for securing the password and for uploading or downloading the data or file from server. Moreover, some primary tries out are conducted and the outcome indicate that the usability should be improved in the future work.
is 64 bits each and h(·), random nonce returns 128 bits each. The communication cost (capacity of transmitting message) of proposed scheme and related scheme  is 640 bits = (128 + 128 + 128 + 128 + 128) and 1024 bits = (128 + 128 + 128 + 128 + 128 + 128 + 128 + 128) respectively. Also the storage cost (stored into the memory of smart card) takes almost same bits of proposed scheme and their scheme that is 640 bits, 512 bits respectively. Table 4 shows that their scheme is insecure against different possible attacks. Further proposed scheme provides strong authentication against different attacks described in section 5. After resisting all possible attacks of related scheme, proposed scheme provides low computational and low communication cost than their scheme. Hence the proposed scheme is more efficient and secure than Ratan- Sanjay’s scheme.
Passwords are used from ancient times itself as the unique code to detect the malicious users. In modern times, passwords are used to limit access to protect computer operating systems, mobile phones, and others. A computer user may need passwords for many uses such as log in to personal accounts, accessing e-mail from servers, retrieving files, databases, networks, web sites, etc. Normal passwords have some drawbacks such as hacked password, forgetting password and stolen password. Therefore, strong authentication is needed to secure all our applications. Conventional passwords have been