In our scheme user initially registers himself to the server. He enters his personal information along with his username and password. This User name and password are given as input to the neural network. The Username has to be mapped to the password. Initially random weights are taken for the neural network. We employed Back Propagation Algorithm for this mapping as a learning algorithm and obtain the weights after performing the training. These weights are the best weights that are obtained with which we can perform mapping. These weights are stored in the Server side as user information. Every time the user logs in, he was provided with a login image which was randomly generated containing 66 characters randomly scattered. User with the help of his known password identifies his pass triangles according to our S3PA scheme. He identifies the pass triangles clicks all the pass characters successfully. After successfully giving appropriate pass clicks he enters his user name and click on submit. Then the Image coordinates are sent to the server along with the click point coordinates. Then we check at the server side whether the user enters all the pass clicks correctly. If he does then he is an authenticated user. The following series of figures clearly explains the different stages of our scheme. Initially username and password are given to the network this is explained in the figure below.
A graphical based password is one capable alternative of textualpasswords. According to p e r s o n p s y c h o l o g y , h u m a n s a r e a b l e t o m e m o r i z e p i c t u r e s s i m p l y . Users a r e c r e a t i n g unforgettable passwords like text and symbols passwords that are easy for crack and hackers to guess, but strong system-assigned passwords are difficult for users to remember. Computer security systems should also consider the human factors such as ease of a use and accessibility. Present secure systems undergo because they typically ignore the importance of human factors in security. Graphicalpasswords are intended to capitalize on this human characteristic in hopes that by reducing the memory load on users, coupled with a larger full password space offered by Image, Thumb impression, digital Signatures, mobile passwords, more secure passwords can be produced and users will not resort to insecure practices in order to extent.
authentication method. Strong textualpasswords are hard to memorize. To address the weakness of textual password graphicalpasswords are proposed. Click based or pattern based approaches are widely used techniques for mobile authentication system. Such textual and graphicalpasswords a scheme suffers from shoulder surfing attacks. Attacker can directly observe or can use video recorder or webcam to collect password credentials. To overcome the problem, shoulder surfing attack resistant technique is proposed. This technique contains pass-matrix. More than one image are used to set the password. For every login session, user needs to scroll circulatory horizontal and vertical bars. A password hint is provided to the user to select desired image password grid. Horizontal and vertical scroll bar covers the entire scope of pass-images. For password selection, password hint and horizontal and vertical scroll bar are used. The proposed technique is implemented on android platform. The system performance is measured using memorability and usability of a password scheme with respect to the existing technique.
The most common user authentication method is the text-based password scheme that a user enters a login name and a password. The vulnerabilities of this method have been well known. Users tend to pick short passwords or passwords that are easy to remember , which makes the passwords vulnerable for attackers to break. To resist brute-force search and dictionary attacks, users are required to use long and random passwords. Unfortunately, such pass-words are hard to remember. Furthermore, textual password Graphical password schemes have been proposed as a possible alternative to text-based schemes, motivated par-tially by the fact that humans can remember pictures bet-ter than text . In addition, the possible password space of a graphical password scheme may exceed that of text-based schemes and thus presumably offer higher level of security. It is also difficult to devise automated attacks for graphicalpasswords. As a result, graphical password schemes provide a way of making more human-friendly passwords while increasing the level of security. Due to these advantages, there is a growing interest in graphical password. However, existing graphicalpasswords are far from perfect. Typically, system requirements and com- munication costs for graphicalpasswords are significantly higher than text-based passwords. In addition, few graph-ical systems support keyboard inputs. More importantly, most current graphicalpasswords are more vulnerable to shoulder-surfing attacks than textualpasswords.
A password is a form of secret authentication data that is used to control access to a resource. It is kept secret from those who are not allowed access, and those wishing to gain access are tested on whether or not they know the password and are granted or denied authentication. In recent years, passwords are used to control access to secure mobile phones, OS, ATM machines etc. passwords are used for many purposes such as log in to computer accounts, retrieving e-mail, accessing databases, networks, web sites, files and others. Drawbacks of normal textual password include forgetting the password, stolen the password and short password selection. This means, there is a great necessity to have a strong authentication mechanism to secure all our applications. In early days, conventional passwords have been used for authentication but they are having usability and security issues. Other methods such as graphical password authentication are one of the possible solutions to overcome these limitations. Graphical based password authentication has been introduced as an alternative to textual, biometric and token based authentication . This is due to the fact that humans can remember images rather than alphanumeric characters . Images are easier to be remembered than text, especially photos, which are even easier to be remembered than random pictures . In graphical password scheme, the problem arises because passwords are expected to have two fundamental needs: The password should be secured one and the password should be easy to remember. Graphicalpasswords were originally introduced by Blonde.
ABSTRACT: The most common method is textualpasswords that were used for authentication. Unfortunately, these passwords can be easily guessed or cracked. The next best techniques are graphicalpasswords. Since, there are many graphical password schemes that are proposed in the last decade, But most of them suffer from shoulder surfing which is also a big problem. Also, there are few graphicalpasswords schemes that have been proposed which are resistant to various attacks. In this paper two new authentication schemes are proposed with steganography algorithm for any transaction . Any authentication process gets very secure when two or three techniques used together for a system. For every login process, user input different passwords. We proposed two different shoulder surfing resistance graphical password authenticationscheme methods one is AS3PAS and second is hybrid textualscheme using color code also Advanced LSB which removes the drawback of simple LSB that it supports all image format.
This paper presents a survey on various techniques such as textual password, graphical password, Captcha password and CaRP technique. CaRP is a combination of both a CAPTCHA and a graphical password scheme. CaRP schemes are classified as Recognition-Based CaRP and Recognition-Recall CaRP. We have discussed Recognition- Based CaRP which include ClickText, ClickAnimal and AnimalGrid techniques in this paper. Current graphical password techniques are an alternative to text password, but are still not fully secure. As a framework, CaRP does not rely on any specific CAPTCHA scheme, but CAPTCHA scheme is broken, then a new and more secure scheme appears is a CaRP scheme. Due to reasonable security and practical applications, CaRP has best potential for refinements. The usability of CaRP can be further improved by using images of different layers of difficulty based on the login history of machining.
ABSTRACT: Wide-ranging people prefer the unforgettable passwords rather than the strong passwords which are complicated to keep in mind. Human mind can effortlessly memorize the image than textual character. Now a day, the online guessing attacks such as dictionary attacks, brute force attacks and the botnet (Robotic Network) are dreadfully confronting to face. While keeping from happening such attacks, make available the expedient login for genuine users is a complex problem. This project effort unites the Persuasive Pixel Click Points (PPCP) and Password Guessing Resistant Protocol (PGRP) in graphicalpasswords. In this work, we confer the inadequacy of existing and proposed login protocols intended to address large scale online dictionary attacks. To recognize the malicious login attempts Automated Turing Tests (ATTs) e.g., Captcha is efficient and uncomplicated to organize technique other than it offers inconvenience to the users. The PGRP counts the number of failed login attempts per username. It confines the total number of failed login attempts from the unknown seclude hosts at the same time it offers the genuine users to make use of several failed login attempts prior to deal with an ATT. As a result this work balances the usability and security in the authentication schemes.
Many user studies and survey have confirmed that people can recall graphical password more reliably than text based password over a long period of time. This seems to be the main advantages of graphicalpasswords. Graphical password system can be classified as either recognition-based, cued recall-based or pure recall-based . Dhamija and Perrig  proposed a graphicalauthenticationscheme based on Hash Visualization techniques .Several authentication protocols have been proposed to integrate bio-metric authentication with user name and password authentication and/or graphicalauthentication. However, given the limited candidate faces on the screen, the security of Pass faces is vulnerable to trial attacks. Convex Hull Click  is developed to overcome the problem of passwords that are vulnerable to shoulder surfing in a public environment. It motivates the users to log in quickly and accurately. The suggested number of icons to ensure a large password space makes the screen crowded for users to find out the right click region. It was also be found that, the Convex Hull occasionally forms too narrow a space for users to click on. Another shoulder surfing resistant graphical password scheme is obtained by adding a light graphic layer to traditional textual- based password scheme .The scheme has proved to be effective against shoulder surfing attacks, and yet as it is alphanumeric-based, it contains the inevitable drawbacks of alphanumeric passwords .Token based techniques, such as key cards, bankcards and smart cards
Vachaspati designed a novelscheme called S3PA which provides the login screen to the user every time the user logs in. Login image consists of a set of characters. Neural network is used for authentication  . Abuthaheer’s authentication merges cued click points, text and token based verification and reduces the guessing attacks as well as encouraging users to select more random and difficult to guess passwords  . Harsh Kumar designed a method in which click points will based on user perception of click points not on the basis of traditional technique like tolerance square. A perceptual hash function will be used for comparing click points made at registration time and login time. The click point is compared ,based on the content of click points which provides more accuracy and security  . Sneha Vasant Thakare presents 3D security cloud computing using graphical password. The 3D security have a 3 protection ring in which file categorization done by R-CIA algorithm, divides the files into ring 1, ring 2, ring 3. 3D password is used for ring 1, graphical password with icons is used for ring 2, persuasive clued click point is used for ring 3. Depending on rings, multi level security system increases secure access of cloud services. 3D password is a time consuming process and needs large amount of memory space and so a multi level authentication is taken as a consideration  .
The use of passwords is a major point of vulnerability in computer security, as passwords are often easy to guess by automated programs running dictionary attacks. Passwords remain the most widely used authentication method despite their well-known security weaknesses. User authentication is clearly a practical problem. From the perspective of a service provider this problem needs to be solved within real-world constraints such as the available hardware and software infrastructures. From a user's perspective user-friendliness is a key requirement. In this paper we suggest a novelauthenticationscheme that preserves the advantages of conventional password authentication, while simultaneously raising the costs of online dictionary attacks by orders of magnitude . The proposed scheme is easy to implement and overcomes some of the difficulties of previously suggested methods of improving the security of user authentication schemes. Our key idea is to efficiently combine traditional password authentication with a challenge that is very easy to answer by human users, but is (almost) infeasible for automated programs attempting to run dictionary attacks. This is done without affecting the usability of the system. The proposed scheme also provides better protection against denial of service attacks against user accounts .
ABSTRACT: The existing authentication system has certain drawbacks for that reason graphicalpasswords are most preferable authentication system where users click on images to authenticate themselves. An important usability goal of an authentication system is to support users for selecting the better password. User creates memorable password which is easy to guess by an attacker and strong system assigned passwords are difficult to memorize. So researchers of modern days gone through different alternative methods and conclude that graphicalpasswords are most preferable authentication system. The proposed system combines the existing cued click point technique with the persuasive feature to influence user choice, encouraging user to select more random click point which is difficult to guess.
of involving the Long Term Passwords for authenticating the users have is proposed in this system making the attacker task number of difficult as compared to present OTP . The OTP is entered as it is instead the OTP is arithmetically computed with LTP previously sent over mail id and the new number obtained by post result the arithmetic operation is used as a secure pin to validate the authorized user.
Information security is a very crucial task to protect the data or information. This data authentication is possible by the application of password. The alphanumerical passwords are being used in user authentication since very long time. Nowadays, most of the devices need a password which controls the access to the data. A small, and weak password for the security can be easily hacked by the attackers. If the user has a strong password, then it’s harder to remember it often. The normal alphanumeric password has some drawbacks. An article in computer world tells that within 30-second a hacker can guess the 80% text passwords because it is not highly secured. For the high-security, a new technology is invented. Instead of the alphanumeric password, the users can use a graphical password. Psychology studies say that a person can easily remember images in a long time rather than alphabets and numbers. It leads to propose a graphical password. Here, instead of typing an alphanumeric password, the user can just click on the images to authenticate themselves. An authentication method can be classified into mainly three categories.
It was introduced in  to use both Captcha and password in a user authentication protocol, which we call Captcha- based Password Authentication (CbPA) protocol, to counter online dictionary attacks. The CbPA-protocol in  needs solving of a Captcha challenge after giving a valid pair of user ID and password unless a valid browser cookie is acknowledged. For an unsound pair of user ID and password, the user has a certain probability to solve a Captcha challenge before saying no to the access. A modified CbPA-protocol is proposed in  by storing cookies only on user-trusted machines and applying a Captcha challenge only when the number of failed login attempts for the account has exceeded a threshold. It is further improved in  by applying a small threshold for failed login attempts from unknown machines but a large threshold for failed attempts from known machines with a previous successful login within a given time frame.
The password problem arises largely from limitations of humans’ long-term memory (LTM). Once a password has been chosen and learned the user must be able to recall it to log in. But, people regularly forget their passwords. Decay and interference explain why people forget their passwords. Items in memory may compete with a password and prevent its accurate recall. If a password is not used frequently it will be even more susceptible to forgetting. A further complication is that users have many passwords for computers, networks, and web sites. The large number of passwords increases interference and is likely to lead to forgetting or confusing passwords. Users typically cope with the password problem by decreasing their memory load at the expense of security. First, they write down their passwords. Second, when they have multiple passwords, they use one password for all systems or trivial variations of a single password. In terms of security, a password should consist of a string of 8 or more random characters, including upper and lower case alphabetic characters, digits, and special characters. A random password does not have meaningful content and must be memorized by rote, but rote learning is a weak way of remembering. As a result, users are known to ignore the recommendations on password choice.
The user requests for login the system and the system displays a circle which is divided into 8 equal sizes of sectors. Each sector is different color and each sector is recognized by the color of its the yellow sector is the sector of yellow is stating 64 characters are placed randomly in these sectors. These 64 characters is rotated simultaneously into adjacent sector either clockwise and anticlockwise by clicking the “clockwise” button or “Anticlockwise” button once respectively. The login screen of the proposed scheme is applied .
In 1999 Jermyn, Mayer, Monrose, Reiter, and Rubin proposed a new graphical password scheme called Draw-a-Secret algorithm as mentioned in . This scheme allows user to draw a unique password on a 2D grid. At registration phase the coordinates of the grids occupied by the drawn patterns are stored in order of the drawing. During authentication phase, the user is asked to redraw the picture by touching the same grids and in the same sequence. Unfortunately, most of the users over a certain period of time forget their drawing order. Another drawback is that the users tend to choose weak graphicalpasswords, which as a result makes this authenticationscheme kind of Predictable and vulnerable to various attacks.
texts, and even sentences. This concept was established through the experiment conducted by Shepard  where it was found that human users were able to recognize 98.5% images accurately after 60mins delay , which was not possible with letters, texts, and sentences. The applications of this concept is what brought graphicalpasswords to the lime light. Graphicalpasswords employ images or patterns to achieve dependable user authentication via a mouse , stylus or other graphical devices. The simple reason why graphicalpasswords are more memorable than text-based passwords is picture superiority effect. Currently, there are a number of graphical password systems in different classifications using different cognitive activities for their operations . First, there exist Locimetric graphical password systems where user select target points within a predetermined image in a specific order. Second, we equally have drawmetric passwords where the users have to draw a predetermine outline image on a touch screen grid. And thirdly, we have cognometric systems where the user needs to recognize a target object in a set of distractor objects or images. For all these schemes to function effectively, different memory features must be considered to improve memorability of user-generated passwords or passwords recollection using any of the schemes.
A recognition-based scheme requires identifying among decoys the visual objects belonging to a password portfolio. A typical scheme is Passfaces where in a user selects a portfolio of faces from a database in creating a password. During authentication, a panel of candidate faces is presented for the user to select the face belonging to her portfolio. This process is repeated several rounds, each round with a different panel. A successful login requires correct selection in each round. The set of images in a panel remains the same between logins, but their locations are permuted. Story is similar to Passfaces but the images in the portfolio are ordered, and a user must identify her portfolio images in the correct order. Déjà Vu is also similar but uses a large set of computer-generated “random- art” images. Cognitive Authentication requires a user to generate a path through a panel of images as follows: starting from the top-left image, moving down if the image is in her portfolio, or right otherwise. The user identifies among decoys the row or column label that the path end