by royvipin » Wed Feb 08, 2012 11:39 pm
Yes Beniston, it is a valid question. The one you asked is a known drawback of Graphical Passwords and the problem is called the 'Shoulder surfing problem'. Due to this vulnerability, graphical passwords could be used in environments where the view of the screen is not exclusive to the person logging in (for example mobile phones, iPads etc.).

But they also introduced some methods for solving this issue:
(1) TRIANGLE SCHEME: The system randomly scatters a set of N objects on the screen. In addition, there is a subset of K pass-objects (e.g., K = 10) previously chosen and memorized by the user. At login the system will randomly choose a placement of the N objects. However, the system first randomly chooses a patch that covers half the screen, and randomly places the K chosen objects in that patch. To login, the user must find 3 of the pass-objects and click inside the invisible triangle created by those 3 objects.

(2) MOVABLE FRAME SCHEME: Using the same ideas and assumptions as in the triangle scheme, the user must now locate 3 out of K pass-objects. This time, however, only 3 pass-objects are displayed at any given time and only one of them is placed in a movable frame. Which pass-object is displayed within the frame is completely arbitrary. The task of the user is to move the frame (and the objects within it, like a tape) by dragging the mouse around the frame until the pass-object on the frame lines up with the other two pass-objects. As before, this procedure is repeated a few more times to minimize the likelihood of logging in by randomly moving the frame.

(3) OTHER SPECIAL GEOMETRIC CONFIGURATIONS: Using the same ideas one can achieve more complex ways of telling the user where to click by increasing the number of pass-objects that are displayed at the same time. This scheme uses the intersection of the invisible lines formed by 4 pass-objects (out of K previously chosen pass-objects). The user must click near the intersection of two of these invisible lines, inside the convex quadrilateral formed by those 4 pass-objects. A similar analysis as for the triangle scheme shows that for N = 1000 and K = 10, the attacker cannot have enough computer memory to carry out an exhaustive-search attack.
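The triangle scheme above, as an added worked example that is not part of royvipin's post or of any published implementation: a small Python model that places N objects with the K pass-objects confined to a random half-screen patch, verifies a login click by testing whether it falls inside any triangle formed by three pass-objects, and estimates how often a blind random click would pass, which is why such schemes repeat the challenge several times. All coordinates, screen sizes and the helper names (`place_objects`, `click_is_valid`, `random_click_success_rate`) are assumptions constructed for this example.

```python
import random
from itertools import combinations

# Constructed model of the triangle scheme's placement and verification steps.
# Positions are (x, y) tuples in pixel units; screen origin is top-left.


def place_objects(n, k, width, height, rng):
    """Scatter n objects on a width x height screen. The k pass-objects are
    confined to a random half-screen patch; the remaining n-k are decoys placed
    anywhere. Returns (all_positions, pass_positions)."""
    # Pick one of the four half-screen patches (left, right, top, bottom).
    if rng.random() < 0.5:
        x0 = rng.choice([0, width // 2])
        patch = (x0, 0, x0 + width // 2, height)
    else:
        y0 = rng.choice([0, height // 2])
        patch = (0, y0, width, y0 + height // 2)
    px0, py0, px1, py1 = patch
    pass_positions = [(rng.uniform(px0, px1), rng.uniform(py0, py1)) for _ in range(k)]
    decoys = [(rng.uniform(0, width), rng.uniform(0, height)) for _ in range(n - k)]
    all_positions = pass_positions + decoys
    rng.shuffle(all_positions)  # display order must not reveal which objects are pass-objects
    return all_positions, pass_positions


def _cross(o, a, b):
    """2D cross product of vectors (a - o) and (b - o); sign gives orientation."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])


def point_in_triangle(p, a, b, c):
    """True if p lies inside or on the boundary of triangle abc (orientation test)."""
    d1 = _cross(a, b, p)
    d2 = _cross(b, c, p)
    d3 = _cross(c, a, p)
    has_neg = d1 < 0 or d2 < 0 or d3 < 0
    has_pos = d1 > 0 or d2 > 0 or d3 > 0
    return not (has_neg and has_pos)


def click_is_valid(click, pass_positions, min_area=0.0):
    """Server-side check for one login round: the click must fall inside the
    invisible triangle formed by some three of the user's pass-objects.
    Collinear (degenerate) triples are skipped because they enclose no area."""
    for a, b, c in combinations(pass_positions, 3):
        if abs(_cross(a, b, c)) / 2 <= min_area:
            continue
        if point_in_triangle(click, a, b, c):
            return True
    return False


def random_click_success_rate(pass_positions, width, height, trials, rng):
    """Estimate the probability that a click placed uniformly at random passes a
    single round; repeating rounds drives this down geometrically."""
    hits = sum(
        click_is_valid((rng.uniform(0, width), rng.uniform(0, height)), pass_positions)
        for _ in range(trials)
    )
    return hits / trials


if __name__ == "__main__":
    rng = random.Random(2012)
    shown, secret = place_objects(n=100, k=10, width=800, height=600, rng=rng)
    print("objects shown:", len(shown), "pass-objects:", len(secret))
    print("random-click success per round:",
          random_click_success_rate(secret, 800, 600, 2000, rng))
```

`click_is_valid` accepts any triangle of pass-objects, which is what lets the scheme tolerate a shoulder surfer seeing one click: the observer learns a region, not which three objects defined it. `random_click_success_rate` makes the per-round guessing risk measurable so the number of rounds can be chosen from data rather than by feel.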