In this technique user has to provide some information at the time of registration i.e. text or handwritten design. Usually it is compatible with touch screen devices, pattern selection, signature, images drawn on 2G grid, hints for password etc. Recall based technique has different categories with different methods and ways, (1) Pure recall based technique which includes Passdoodle, Draw a Secret and Signature technique. (2) Cued recall based technique which include PassPoints, Blonder, VisKey SFR, Pass-Go, Drawing Geometry and Passlogix V-Go technique , , -. Our research is on graphicalauthenticationusingimages in sequence that’s why our focus is on Recognition Based Technique.
Blonder  designed a graphicalpassword scheme in which a password is created by having the user click on several locations on an image. During authentication, the user must click on the approximate areas of those locations. The image can assist users to recall their passwords and therefore this method is considered more convenient than unassisted recall (as with a text- based password). Passlogix  has developed a graphicalpassword system based on this idea. In their implementation (figure 9), users must click on various items in the image in the correct sequence in order to be authenticated. Invisible boundaries are defined for each item in order to detect whether an item is clicked by mouse. A similar technique has been developed by sfr . It was reported that Microsoft had also developed a similar graphicalpassword technique where users are required to click on pre-selected areas of an image in a designated sequence . But details of this technique have not been available. The “PassPoint” system by Wiedenbeck, et al. [35-37] extended Blonder’s idea by eliminating the predefined boundaries and allowing arbitrary images to be used.
The aim of this paper is to investigate the reasons behind low commercial acceptance and provide suitable recommendations to overcome them. In the second half of this paper, based on these recommendations, we design a simple graphicalpassword scheme, called USER AUTHENTICATION BY SECURED GRAPHICALPASSWORD IMPLEMENTATION. USER AUTHENTICATION BY SECURED GRAPHICALPASSWORD IMPLEMENTATION is a cued recognition based graphicalauthentication scheme, which allows users to choose both text as well as images as passwords without any specific alternations to underlying authentication design and process. It also blends together the strengths of Numbers, Alphabets and Pictures (NAP) to effectively defeat prevalent forms of social hacking. In this paper we describe the complete design of USER AUTHENTICATION BY SECURED GRAPHICALPASSWORD IMPLEMENTATION and argue for its potential benefits in terms of security and usability. We then provide results of user study and security analysis. Finally, we conclude with the summary of our contribution.
The community of security researchers and practitioners has evolved rapidly in response to threats, on the one hand increasing vigilance in practice and, on the other hand, driving research innovation. Until recently the security problem has been formulated as a technical problem. Even though text passwords are the most popular user authentication method, they have security and us-ability problems. The alternatives for text based passwords such as biometric systems and tokens have their own drawbacks. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. A graphicalpassword scheme using click point offers the best alternative for the text password, cued click points are used to exploit the memeorablity of the user that it is fully a knowledge based authentication and is discussed in this paper the security and usability problems associated with alphanumeric passwords as the password problem. The problem arises because passwords are expected to comply with two conflicting requirements, namely
Captcha as a graphicalpassword is click based graphicalpassword when sequence of clicks on an image is used to drive the password. Captcha relies on the gap of capabilities between humans and bots in solving certain security problems. This scheme is used to protect the communication channel between user and web server. We are making the improvement in that techniques, which are the levels of authentication is maintained with the three level Captcha. This technique will be most secure and more reliable in terms of secure authentication. In this technique we used many algorithms for Captcha to be reproduced by itself for every new sign up. For Captcha to be reproduce the algorithms are Decentralizes Centralization, scaling, Transformation, DSA (digital signature algorithm) etc. When user wants to upload any type of file he/she has to select the password type (unsecured, secured, more secured).
Various graphicalpassword schemes have been proposed as alternatives to text-based passwords. Psychology research has proved that the human brain is better at recognizing and Recalling images compare to text. Graphical passwords are intended to capitalize on this human characteristic in hopes that by reducing the memory burden on users, coupled with a larger full password space offered by images, more secure passwords can be produced and users will not resort to unsafe practices in order to Scope .Mostly user select password that is predictable. This happens with both graphical and text based passwords. Users tend to choose memorable password, unfortunately it means that the passwords tend to follow predictable patterns that are easier for attackers to guess. While the predictability problem can be solved by prohibiting user choice and assigning passwords to Users using some standards, this usually leads to usability issues since users cannot easily remember random passwords. Number of graphicalpassword systems has been developed. Study shows that text-based passwords suffer with both security and usability problems. Integration of sound signature in graphicalpasswordauthentication system is designing and developing new model of graphicalpassword which works on click based graphic method, in this method random images are used where user need to select one click per image after selecting image user is requested to select sound signature corresponding to each click Point .
Cued-recall graphicalpassword systems are in use from the Blonder’s scheme . This was the first scheme proposed among graphicalpassword systems. In this scheme, the user is required to click on the pre-selected areas of the previously selected image in a sequence to input the password. Blonder’s technique has many advantages over popular text based passwords. Main advantages are, people find images easier to remember than alphanumeric strings and such password schemes provides more security than text based passwords. However, Blonder’s technique also had some limitations such as predefined regions should be easily identifiable and the number of predefined regions is small, sometimes a few dozen in an image. The password may require many clicks to enhance the security, so it will become a tedious task for the users and it is more prone to shoulder surfing attacks when compared to text based passwords. Wiedenbeck et al., proposed PassPoints , by extending Blonder’s idea. This scheme also considered the limitations of the Blonder’s technique and tried to overcome some of its major drawbacks. Passpoints eliminated the predefined boundaries and allows any dynamic image to be used. The users can click on any place in the image arbitrarily to create a password as the password space is not limited. For a successful log in, the users have to click on the previously chosen click points within a specified tolerance level and also in the same order as in the time of registration. An image may contain thousands of potentially memorable click points, so the password space of this is quite large compared to Blonder’s scheme. However, some limitations existed even after Passpoints, as users find it difficult to ensure click points within tolerance level and increasing the tolerance level reduces the security.
The aim of this paper is to investigate the reasons behind low commercial acceptance and provide suitable recommendations to overcome them. In the second half of this paper, based on these recommendations, we design a simple graphicalpassword scheme, called SECURE GRAPHICALPASSWORDAUTHENTICATION is a cued recognition based graphicalauthentication scheme, which allows users to choose number, text as well as images as passwords without any specific alternations to underlying authentication design and process. It also blends together the strengths of Numbers, Alphabets and Pictures (NAP) to effectively defeat prevalent forms of social hacking. In this paper we describe the complete design of SECURE GRAPHICALPASSWORDAUTHENTICATION and argue for its potential benefits in terms of security and usability. We then provide results of user study and security analysis.
Graphicalpassword provides more security than alphanumeric password. Most of the alphanumeric authentication chooses a plain text or easy password to avoiding the confusion. whenever we confirm the alphanumeric password there is some hint option provided, using this hackers can easily gain entry to the system in less time. Most of the system provides image related password i.e. Graphicalpassword. In this method selectable images are used , user can have more number of images on each page and among all of this password is selected. Images are different for each case, so if hackers try to match the each combination to find the correct password it will take millions of year. In alphanumeric password eight characters password is needed to gain entry of particular system, but in graphicalpassword user have to select the images that in front of him/her and confirm the password. Whenever user pass through the authentication process it is easy to remember images whatever they have chosen previously. Graphicalpassword is providing more memorable password than alphanumeric password which can reduce the burden on brain of user.
email service.Our usability study of two CaRP schemes we have implemented is encouraging. For example, more participants considered AnimalGrid and ClickText easier to use than PassPoints and a combination of text password and Captcha. Both AnimalGrid and ClickText had better password memorability than the conventional text passwords. On the other hand, the usability of CaRP can be further improved by usingimages of different levels of difficulty based on the login history of the user and the machine used to log in. The optimal tradeoff between security and usability remains an open question forCaRP, and further studies are needed to refine CaRP for actual deployments.
SFR company  developed a scheme for mobile devices user has to select an image from the images stored in the device and tap on the spots in sequence this sequence is registered. To login user has to tap at same spots as and should be in registered sequence. The Inputs are within a certain tolerance area around it pre- defined by users, since it is difficult to touch at same exact spots. If input precision is large password will be easy to crack on the other hand if it is small it will be difficult for the user to tap at exact points. In visKey no of spots must be larger to prevent against brute force attacks .
ABSTRACT: Textual password is most coomn method use for passwordauthentication. In today’s use of internet is increasing day by day. For security purpose the user selects password, that password are text based passwords or graphical passwords. Most of the user uses text based password because that are easy to remember. But main disadvantage of using text based passwords are many attacks can happen like eavesdropping attack, dictionary attacks, denial of service attacks. To overcome the disadvantages of text based password new graphical passwords are used. Click based graphicalpassword scheme offers a novel approach to address the well known image hotspot problemin popular graphicalpassword systems, such as PassPoints, that often leads to weakpassword choices. So to provide user friendliness and also the protection from various security attacks use of graphicalpassword is important. In this, graphicalpassword scheme, the click event isperformed on various points on same or different images.
We are proposing a system for graphicalpasswordauthentication with the integration of sound signature. In this work, Cued Click Point scheme is used. Here a password is formed by a sequence of some images in which user can select one click-point per image. Also for further security user selects a sound signature corresponding to each click point, this sound signature will help the user in recalling the click points. The system showed better performance in terms of usability, accuracy and speed. Many users preferred this system over other authentication systems saying that selecting and remembering only one point per image was aided by sound signature recall.
Graphical passwords may offer better security than text-based passwords because most of the people, in an attempt to memorize text-based passwords, use plain words (rather than the jumble of characters). A dictionary search can hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selected images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random.
Here, a graphicalpassword system with a supportive sound signature to increase the remembrance of the password is discussed. In proposed work a click-based graphicalpassword scheme called Cued Click Points (CCP) is presented. In this system a password consists of sequence of some images in which user can select one click-point per image. In addition user is asked to select a sound signature corresponding to click point this sound signature will be used to help the user to login. System showed very good Performance in terms of speed, accuracy, and ease of use. Users preferred CCP to Pass Points, saying that selecting and remembering only one point per image was easier and sound signature helps considerably in recalling the click points.
In the image based system, the user will be provided with a set of images when he/she signs up. The user can also upload photos from his/her own device. After that, the images will be shuffled by the shuffling algorithm mentioned above. In this case , each image will be divided into a number of boxes , that is , a 7*11 matrix. This is called a Pass matrix. Now , these boxes will be shuffled . The image will remain the same , just the row and column value will be shuffled.
Graphicalpassword schemes have been proposed .They are classified in to three categories: recognition, recall and cued recall. A recognition-based scheme requires an image is stored in the database is used at the time of registration. During authentication user need to choose image points exactly. This process is repeated for several rounds when the user matches the clickable points exactly with original points. There is path among rows and column labels which can be identified by the user. This procedure is repeated, each time with alternate panel. An effective sign in requires that clickable points are not correct the given procedure is repeated when the password matches the original password. AS is recall based plan are proposed to this CaRP. In a cued-recall scheme, an outside signal is given to recollect and enter a secret password. Pass points is an extensively concentrated on click based cued-recall scheme wherein a client’s clicks a succession of points wherever on a picture in making a secret key , and re-clicks the similar sequence and verification. CCP is pass points however use one picture for every click, with the following picture chose by deterministic function. Among these three sorts, recognition is viewed as the least difficult for human memory though pure recall is the hardest. Recognition is routinely the weakest in guessing attacks proposed recognition-based. Plans for all intents and purposes have a secret key enter space in the range of 213 to 216 secret key. A study of reported that a significant bit of passwords of DAS and pass go were adequately with guessing attacks using dictionaries of 231 to 241 passwords. Picture contain hotspots, spots likely choses in making passwords. Hotspots were exploit to successful guessing attacks.
Text passwords are the most prevalent user authentication method, but have security and usability problems. Replacements such as biometric systems and tokens have their own drawbacks .Graphical passwords offer another alternative, and are the focus of this paper. Graphical passwords were originally defined by Blonder (1996). In general, graphical passwords techniques are classified into two main categories: recognition-based and recall based graphical techniques. In recognition based ,a user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage. In recall based graphicalpassword, a user is asked to reproduce something that he created or selected earlier during the registration stage. This paper is based on recall based Technique.
This method is very usable and provides great security using hotspot technique. By taking advantage of user’s ability to identify images and the memory trigger connected with seeing a new image. Cued Click Point is more secure than the previous graphicalauthentication methods. AES (Rijndael) algorithm provides safer and secured encryption and decryption of files to the users. AES works quickly and efficiently even on small devices such as smart phones. AES algorithm increases the workload for attackers by forcing to decrypt a file two times to hack the file’s data. It provides security to user at the authentication level and also provides AES techniques for secured file maintenance in the cloud environment.
For creating Persuasive Cued Click Points persuasive feature is added to cued click points. PCCP  encourages users to select less predictable passwords. For password creation PCCP uses terms like viewport & shuffle. In the registration phase the images are slightly shaded except for a viewport as shown in the figure. Thus eliminates the hotspot problem of CCP. The most useful advantage of PCCP is attackers have to improve their guesses. Users have to select a click-point within the highlighted viewport and cannot click outside of the viewport unless they press the shuffle button to randomly reposition the viewport. At the time of password creation users may shuffle as often as desired but it slows the process of password creation. Only at the time of password creation, the viewport & shuffle button appears. After the password creation process images displayed normally without the viewport & shuffle button. Then user has to select correct click on particular image. PCCP is a good technology but has security problems. Fig.4.7 shows the password creation process including viewport & shuffle button.