There are many things that are ‘well know’ about passwords; such as that user can’t remember strong password and that the passwords they can remember are easy to guess. A passwordauthenticationsystem should encourage strong and less predictable passwords while maintaining memorability and security. This passwordauthenticationsystem allows user choice while influencing users towards stronger passwords. The task of selecting weak passwords (which are easy for attackers to guess) is more tedious, avoids users from making such choices. In effect, this authentication schemes makes choosing a more secure password the path-of- least-resistance. Rather than increasing the burden on users, it is easier to follow the system’s suggestions for a secure password - a feature absent in most schemes. We applied this approach to create the first persuasiveclick-based graphicalpasswordsystem, PersuasiveCuedClick- Points (PCCP) and conducted an in lab-lab usability study with 10 participants. Our results show that our PersuasiveCuedClick Points scheme is effective at reducing the number of hotspots (areas of the image where users are more likely to select click points) while still maintaining usability. In this paper also analyse the efficiency of tolerance value and security rate.
password information onscreen for an even shorter period. The onlooker is not given a chance to observe a complete user password onscreen . Forget , et la. Proposed a gaze-based authenticationsystem called Cued Gaze-Points (CGP) and designed to resist shoulder surfing problem. It is a cued-recall graphicalpassword scheme using eye-gaze as an input mechanism  where users select points on a sequence of images with their eye-gaze instead of mouse- clicks. The main idea of the scheme is to make it difficult for onlooker see the login credential through mouse movement and clicking. Haichang et al. designed a recognition-based scheme inspired by DAS drawing input method and the association mnemonics in Story for sequence retrieval was proposed . This scheme is an improvement of Story scheme and has a wanted usability for PDAs. In this scheme, to create a password, user chooses several images from the set as his/her pass-images which are connected mentally with a story to remember them correctly during authentication. To authenticate, user draws a curve across both pass-images and decoys in the right order. The drawing input trick along with the complementary measures, such as erasing the drawing trace, showing tainted images, and starting and ending with randomly designated images provide a good resistance to shoulder- surfing . Another textual-graphicalpassword scheme designed to provide resistance against Shoulder-surfing is S3PAS  . The acronym stands for Scalable Shoulder- Surﬁng Resistant Textual-GraphicalPasswordAuthentication Scheme . The scheme exists in three different variants and each serves different security environments.
In this paper,we present an approach usingcuedclickpoint (CCP) under graphicalpassword that permits to enrich authentication technique of graphicalpassword in(CCP). Our literature studies shows various limitations for textual passwords, they are exposed to shoulder surfing attack however strong textual passwords are tough to memorize. Graphical Passwords are introduced to resist the Shoulder surfing attack. .Looking at the success of this system , usinggraphicalpassword as input and grid lines for image point verificationand enrich it to provide security using normal login and graphicalpassword. This system can be used in the field such as banking application, military application, civilians, forensic labs, etc.
To remove the shoulder surfing attack and to provide the security on the click points of the user’s password, AES algorithm is applied on the click points and in PCCP technique the system divide the images into 16 different grids on which users will click, after clicking on the image first time that particular grid will be expanded and displayed in the front of the user like this the image will be divided till the third click by the user. After selecting an image the user can upload the image for further process. PCCP uses one clickpoint on three different images shown in sequence. Place where the user will click the x and y coordinate of the image is taken by the system and on value of x and y the advanced encryption Standard algorithm is applied and after encryption whatever the value of the x and y coordinate is coming that information is stored in to the database for authentication purpose.
The aim of this work is to provide 3 levels in terms of security for transaction in banking applications.To avoid unauthorized people accessing an information system, textiual password ,CCP (CuedClick Points) and keystroke dynamics based authentication (KDA) systems combine password knowledge with typing characteristics to enhance the security of passwordauthentication systems.
The CuedClick Points scheme shows promise as a usable and memorable authentication mechanism. By taking advantage of user’s ability to recognize images and the memory trigger associated with seeing a new image, CCP has advantages over Pass Points in terms of usability. The existing system is Pass Points proposed passwords which could be composed of several points anywhere on an Image.
The claimed advantages are that password entry becomes a method of true cued recall type, wherein each image triggers the memory of a corresponding click-point. Remembering the order of the click-points is not a requirement on user, as the system presents the images one at a time. CCP also provides a feedback of implicit, which is claimed to be useful only to legitimate users. When logging on, seeing an image they do not recognize alerts users that their previous click-point was incorrect and users may restart password entry. Explicit indication of authentication failure is only provided after the final
For creating PersuasiveCuedClick Points persuasive feature is added in to the CCP. PCCP i.e. PersuasiveCuedClickPoint encourages users to select less probable passwords. For password generation PCCP uses required the viewport & the shuffle. When the users making a secrete word, the images are a little monochromic except for a viewport for to avoid known hotspots the viewport is positioned casually. The most useful benefit of PCCP is hackers have to improve their presumptions. Users have to choose a clickable area within the highlighted viewport and cannot click outside of the viewport unless they press the shuffle button to randomly reposition the viewport. At the time of password creation users may shuffle as often as it required but it leads in to the slowdown of the password generation process. During the password generation process only the shuffle and the viewport buttons are displayed. After the secrete word generation process (graphicalpassword generation), graphical images are presented to users casually without the shuffle and viewport button. Then user has to choose exact clickable area on particular image. Now a day’s PCCP is a best technology but has security problems. Using this method HOTSPOT problem is reduced.
Here we discuss some graphicalpassword systems based on recognition or cued recall of images. Most existing systems are based on recognition. The best known of these systems are Passfaces and Déjà Vu . Brostoff and Sasse (2000) carried out an empirical study of Passfaces, which illustrates well how a graphicalpassword recognition system typically operates. To create a password, the user chose four images of human faces from a portfolio of faces. To log in the user saw a grid of nine faces, which included one face previously chosen by the user and eight decoy faces. The user had to click anywhere on the known face. This procedure was repeated with different target and decoy faces, for a total of four rounds. If the user chose all four correct faces, he or she successfully logged in. Data from this study suggest that Passfaces are more memorable than alphanumeric passwords. A small study of the use of Déjà Vu came to the same conclusion. With a few thousand random guesses an attacker would be likely to find the password. To increase security similar to that of 8-character alphanumeric password, 15 or 16 rounds would be required. This could be slow and annoying to the user. Blonder-style passwords are based on cued recall. A user clicks on several previously chosen locations in a single image to log in.
Vemuri et al proposed a 3-level security  where text based authentication, image based authentication and OTP to email are used at first, second and third level respectively. Here, introduction of various levels increments security. Even if an intruder is able to cross first two levels, crossing third level requires intruder to have an access to the original user’s email id. A 3-level passwordauthentication scheme by Varghese et al  uses image ordering, color pixels and the one time password. In this scheme OTP generation is accomplished using SHA-1and MD5. A unique 3 Level Authentication and Authorization system presented by Meena et al  uses a combination of recognition and recall based techniques. First level is based on username-passwordauthentication. At second level user identifies the image that he had set his click points on, during registration phase from a grid of 16 images. At third level an OTP is delivered to user on his registered number that he has to submit to complete authentication. Aldwairi et al  proposed a multistage authenticationsystem that consists of three different stages based on two authentication factors. First stage uses possession based factor- devices’ serial number where system checks the device serial number to authenticate the user .The second stage uses knowledge based graphicalpassword scheme where user has to highlight at least m right squares from a grid of n independent squares. In the final stage, he has to select s images in a specific order to get authenticated.
that are alphanumeric in nature. However, users find it difficult in remembering a password that is long and needs to be recalled again and again while implementing it. Instead, they create short, simple, and insecure passwords that make the user’s data vulnerable to outside attacks. Graphical passwords provide a way out of this dilemma by making passwords more rememberable and easier for people to use as a password and, therefore, makes it more secure. Using a graphicalpassword, users clicks on images rather than typing text passwords which contains alphanumeric characters. A new and more secure graphicalpasswordsystem has been developed which uses image segmentation. The image segmentation system presents the user with an image upon which the user selects a number of grids on this image; when entered in a proper sequence these points authenticate the user. The findings showed alphanumeric passwords and graphical passwords both worked in similar time but the graphical passwords were easier to recall and remember. Thus, Graphical passwords were found to be hard to crack as they are newly implemented and not many algorithms have been devised to break through them.
During password creation the part of an image which is less guessable is highlighted and user has to select the click-point within the highlighted portion and if the user is unable to select the click-point, then the user can move towards the next highlighted portion by pressing the shuffle button. The highlighted part of an image basically guides users to select more random passwords that are less likely to include hotspots. Therefore this encourages users to select more random, and difficult passwords to guess. During Login, images are displayed normally and user has to select the clickpoint as chosen at the time of password creation, but this time highlighted portion is not present as it only provides the system suggestion.
passwords as memorization of pictures is easier than words. So other systems which we have discussed have been developed to overcome the problems of predefined regions, predictable patterns and password attacks, a new method called CuedClick Points (CCP) is a proposed as an alternative to PassPoints. In addition selection of the sound signature can be done corresponding to each clickpoint which can be used by the user in recalling the clickpoint on an image. In the CCP technique the users are required to remember only one point in one image and the next image is displayed only when the user clicks on the clickpoint of previous image correctly. A graphicalpasswordsystem with a supportive sound signature is much more helpful as it helps to increase the remembrance of the password and has shown very good performance.
significant topics in information security. Text-based strong password schemes could provide with a certain stage of security. However, the fact that strong passwords being difficult to memorize often leads their owners to write them down on papers or even deliver them in a computer file. Graphicalauthentication was proposed as an alternative to text passwords as it is easy to remember and provides better security. Nowadays graphical techniques are used for authentication by many networks, computer systems, and Internet-based environments. This paper presents a review of the recognition based and recall based authentication algorithms and finally describing the proposed systems called cuedclick points and persuasiveclick points for better security usinggraphical passwords.
ABSTRACT: Textual password is most coomn method use for passwordauthentication. In today’s use of internet is increasing day by day. For security purpose the user selects password, that password are text based passwords or graphical passwords. Most of the user uses text based password because that are easy to remember. But main disadvantage of using text based passwords are many attacks can happen like eavesdropping attack, dictionary attacks, denial of service attacks. To overcome the disadvantages of text based password new graphical passwords are used. Click based graphicalpassword scheme offers a novel approach to address the well known image hotspot problemin popular graphicalpassword systems, such as PassPoints, that often leads to weakpassword choices. So to provide user friendliness and also the protection from various security attacks use of graphicalpassword is important. In this, graphicalpassword scheme, the click event isperformed on various points on same or different images.
Today computer has become a integral part of our day today life. The computer applications from all sorts of areas from business to banking and many more. The applications hold data and details of all the transaction a organization does. So to protect the applications authentication techniques like textual passwords with various strengths are used which help to protect a application. The vulnerabilities of textual password to method like eves dropping, dictionary attack, social engineering and shoulder surfing are well known. Random and lengthy passwords can make the system secure. But the main problem is the difficulty of remembering those passwords. Studies have shown that users tend to pick short passwords or passwords that are easy to remember. Unfortunately, these passwords can be easily guessed or cracked. Biometric based authentication and Knowledge based authentication. Most of the web application provides knowledge based authentication which include alphanumeric password as well as graphicalpassword. In today’s changing world when we are having number of networks and personal account some sort of easy authentication schema need to be provided. This paper provide textual password related to graphical image and provide four cuedpoint on 3D graphical image
Very little research has been done to study the difficulty of cracking graphical passwords. Since the graphical passwords are not broadly used in practice, there is no description on valid cases of breaking graphical passwords. Here we examine some of the feasible techniques for breaking graphical passwords and try to do a comparison with text-based passwords. Easily hackers are identify the text passwords because there are only110 key words are there instead of that we can use graphicalpassword there are many pixels are there per image so hackers are difficult to identify the Image, Thumb impression, digital Signatures, mobile passwords. Image, Thumb impression, digital Signatures, mobile passwords are an alternative to text passwords; user is easily to remember an image (or parts of an image) instead of a word. Three click-based graphicalpassword schemes: Pass Points and two variants named CuedClick- Points and PersuasiveCuedClick-Points. In CCP and PCCP, a user clicks on a single point on each of five images, where each image (except the first image) is dependent on the previous click-point. By using these PCCP we can provide the authentication for user’s passwords and valuable information.
In recent years the usability of information based endorsement system is essential to support users in selecting passwords with top security. By the logic of being from an expanded effective security space. In Digital technology endorsement is very significant. The main aim of this knowledge based authenticationsystem is to afford users in selecting passwords with high protection for digital equipment. Many of the different graphicalpassword schemes have been derived as unconventional to content based passwords. We have different methods those uses special cryptogram and alphanumeric characters to create passwords. But using of these methods there is a prospect of hacking the passwords easily by attackers and third parties. And identification those passwords’ consisting of symbols and special characters is very complicated. By using text based passwords we have some usability and sanctuary problems. In this paper we present an incorporated evaluation of the PersuasiveCuedClick Points graphicalpasswordsystem for providing authentication and enlightening graphicalpassword methods so that to decrease the cost and usage. It includes usability and security evaluations, and execution considerations. We use persuasion to manipulate user choice in click-based graphical passwords, encouraging users to select extra random, and hence more difficult to estimate, click- points.
create password user can selects any pixel in the image as a click-points for their password. The limitation of this method is the HOTSPOTS and attackers can easily guess the password because user forms certain pattern to remember the secret code so that pattern formation attacks are easily possible. In CuedClickPoint  in that CCP uses one click-point on five different images in sequence instead of five click points on one image. The next image displayed is based on the previously entered the clickpoint on the image. Limitation of this method is false accept (system can be accept incorrect clickpoint) and false reject (system can be reject correct clickpoint).this method reduced the pattern realization attack but HOTSPOT problem is still present. And also in biometric authentication there are various biometric scheme in the literature such as face, retina, fingerprint/palm print Iris, etc. but in hand based biometric scheme like in palm print  and finger print the palmer part of the hand is more susceptible to spoof attacks and also people unconsciously leave their palm and finger prints on the object whenever they touch. And also in finger knuckle  which are more difficult to forge and in face recognition the face characteristics changes with the age of an individual.
Graphical passwords may offer better security than text-based passwords because most of the people, in an attempt to memorize text-based passwords, use plain words (rather than the jumble of characters). A dictionary search can hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selected images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random.