Using the word Creative as an example, users often create passwords such as
CrEaTiVe (by alternating upper and lower case),
eViTaErC (by reversing the string),
aCEriTVe (by shuffling the string),
3a8tive (combining numbers and letters).
However, the better the password is, the harder

common password, “password1,” was used in 0.22 percent of all accounts. The frequency drops off pretty fast after that: “abc123” and “myspace1” were only used in 0.11 percent of all accounts, “soccer” in 0.04 percent and “monkey” in 0.02 percent.

Another drawback of alpha-numeric passwords is the dictionary attack. Because of the difficulty in remembering random strings of characters, most users tend to choose a
Triangle scheme
The system randomly scatters a set of N objects on the screen. In practice, the number N could be a few hundred or a few thousand, and the objects should be different enough so that the user can distinguish them. In addition, there is a subset of K pass-objects previously chosen and memorized by the user. At login the system will randomly choose a placement of the N objects. However, the system first randomly chooses a patch that covers half the screen, and randomly places the K chosen objects in that patch. To login, the user must find 3 of the pass-objects and click inside the invisible triangle created by those 3 objects. This is equivalent to saying that the user must click inside the convex hull of the pass-objects that are displayed. In addition, for each login this challenge is repeated a few times using a different display of some of the N objects. Therefore, the probability of randomly clicking in the correct region in each challenge is very low.

The number of possible passwords is the "binomial coefficient" (choose any K objects among N). When N = 1000 and K = 10, the number of possible passwords is hence approximately 2.6 × 10^23. This is a little more than the number of alpha-numeric passwords of length 15 (36^15 ≈ 2.2 × 10^23). Having N = 1000 objects is not unreasonable (compare with the "Where is Waldo" puzzles, where there are typically tens of thousands of little persons in a picture). Moreover, one can expect a user to choose the K objects fairly randomly; or, at least, an attacker (especially a computerized attacker) cannot predict much about which K objects a user will choose. On the other hand, the large number of possible alpha-numeric passwords (36^15 ≈ 2.2 × 10^23) is an illusion: users do not choose alpha-numeric passwords randomly at all.
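The counting argument and the blind-click probability described above, as an added example that is not code from the original paper: it compares the binomial password space with 36^15 and estimates by simulation how often one random click lands inside the convex hull of the displayed pass-objects. Assumptions: a unit-square screen whose left half is the patch, uniform placement, a uniform random click, and illustrative function names.

```python
import math
import random

def password_space(n, k):
    """Number of ways to choose K pass-objects among N (binomial coefficient)."""
    return math.comb(n, k)

def _cross(o, a, b):
    """z-component of (a - o) x (b - o); positive when o -> a -> b turns left."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])

def convex_hull(points):
    """Andrew's monotone chain; hull vertices in counter-clockwise order."""
    pts = sorted(set(points))
    if len(pts) < 3:
        return pts
    def half(seq):
        chain = []
        for p in seq:
            while len(chain) >= 2 and _cross(chain[-2], chain[-1], p) <= 0:
                chain.pop()
            chain.append(p)
        return chain[:-1]
    return half(pts) + half(reversed(pts))

def inside_hull(hull, p):
    """True if p lies inside or on a counter-clockwise convex polygon."""
    if len(hull) < 3:
        return False
    return all(_cross(hull[i], hull[(i + 1) % len(hull)], p) >= 0
               for i in range(len(hull)))

def blind_click_rate(shown, trials=20000, seed=1):
    """Monte Carlo estimate that one blind click passes one challenge."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable experiment
    hits = 0
    for _ in range(trials):
        # Assumption: the patch is the left half of a unit-square screen.
        objs = [(rng.uniform(0, 0.5), rng.random()) for _ in range(shown)]
        click = (rng.random(), rng.random())
        hits += inside_hull(convex_hull(objs), click)
    return hits / trials

if __name__ == "__main__":
    print(f"C(1000,10) = {password_space(1000, 10):.2e}, 36^15 = {36**15:.2e}")
    for shown in (3, 5, 10):  # number of pass-objects on screen (assumed)
        p = blind_click_rate(shown)
        print(f"{shown} shown: per-challenge p = {p:.3f}, 5 rounds = {p**5:.1e}")
```

Under these assumptions the per-challenge rate grows with the number of pass-objects displayed, which is why the repeated challenges matter: the per-login guessing probability is the per-challenge rate raised to the number of rounds.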
locate 3 out of K pass-objects. This time however,

system offering easy and secure logon. It is a graphic
This feature is skillfully deployed in the creation of the authentication tool called the pass face: instead of the word-based entry pass, here we have a 'face'-based entry pass. Here the pass phrase is not a string of alphanumeric characters but a string of face images. You can select an image combination and whenever you try to access a service based on this authentication method, the system will show you a set of faces from which you need to select the ones that belong to your password string.

Other solutions

Conclusion
The past decade has seen a growing interest in using graphical passwords as an alternative to the traditional text-based passwords. In this paper, we have conducted a comprehensive survey of existing graphical password techniques. Although the main argument for graphical passwords is that people are better at memorizing graphical passwords than text-based passwords, the existing user studies are very limited and there is not yet convincing evidence to support this argument. Our preliminary analysis suggests that it is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack, or spyware. However, since there is not yet wide deployment of graphical password systems, the vulnerabilities of graphical passwords are still not fully understood. Overall, the current graphical password techniques are still immature. Much more research and user studies are needed for graphical password techniques to achieve higher levels of maturity and usefulness.
rutgersscholar.rutgers.edu/volume04/sobrbirg/sobrbirg.html
http://searchsecurity.techtarget.com/sDefinition/0,290660,sid14_gci1001829,00.html