Password Authentication System Using Graphical Images

Kathireshan V.
Assistant Professor
Department of MCA
Jain University, Bengaluru

Prem Kumar
Department of MCA
[email protected]
Department of MCA
Jain University, Bengaluru
 Abstract

Current password-based system mostly uses In this First method picture sequential
is Alpha-numeric world-wide, requires an method is opted where some number of
alternative method to eradicate the pictures are assigned for authentication by
vulnerabilities and security issues occurs in
the System, introducing the graphical based user while registration process, indeed user
password system with e-mail OTP have to remember the pictorial password
verification for multi-purpose levels of while logging in to authenticate the
access and providing the securities. This will credential. [2]
be working on image sequential process
which will authenticate the user. User will save Recall based techniques
its memory utilization by simple pictorial
password method which can be recognizable User is required to give the same input as a
easily and used. password what has been defined while
configuration. [3]
Introduction
They have proposed a combination of both
Text password was the only system used for methods in the software, in order to provide
authentication system. The system finds more rigidness and ease with more
many disadvantages to use it, was not trusted functionalities. The registration phase asks
and confidential as it had always threat of user to create a password of 6 images, shows
getting hacked. Then invention of biometric the selected panel at down of the panel user
authentication system, QR codes and 2 step registration page to make the password
mobile verification invented to overtake the remember by user, the password reviews for
disadvantages of the text-based password [1]. only 5 seconds then it disappears for safety
But these systems had also some drawbacks measures.
within it, like these systems were expensive
and unavailability of its. Then the graphical Second method is CCP are used in this
password authentication system comes to method of software, where a user will have a
authentication system comes into existence, picture pre-defined with certain axis points,
at initial stages pass point and persuasive user will define it where it is required to…
click point were the systems used as the and when logging in, user can easily just click
alternative of the text password. But those certain point in order to authenticate the
had some disadvantages. But the Recall credentials inputted by!
based method overtake all the disadvantages
of the old password authentication system. It This module will work based on the cued
helps to enhance the graphical password click point functions defined by the user, the
authentication system. Provides best system creator has deployed a system where user is
for user to use and recognizing system easily. prevented from threats when someone other
will try to log in, a mobile alert will be sent
regarding the log in in absence of the valid
user. This approach is used to avoid the
Literature Survey shoulder surfing and spoofing by attacker.

The various methods which can be deployed The alert method works when attacker gives
in-order to maintain the secrecy level third time wrong click while authentication
graphical based. They have defined these of credentials, while creating user id, user
methods…Recognition based techniques can upload own picture to just click and
proceed with password. This can prevent the
time consumption of entering the id. At the
time of registration user will be validated by
one unique code generated by the model and
 will be sent to email, user have to provide Working
that code before finishing the registration
process.
Here fig. 1 depicts about the registration and
login phase of the mechanism, where
sequential procedure is followed in order to
PROPOSED SYSTEM authenticate the user and validate. When a
user opens this web application it provides
two panels i.e. registration and login, where
Various systems exist with many different existing user have to login and new users
techniques of authentications either it is have to register along with configuration and
algorithm based or some puzzled. The main his/her details in order to help in various
goal of this is to eliminate the limitation and manner like password recovery. After
increase the security more with less efforts configuration user can set extra security with
from user point of view, so it will be based of setting secret question and answer, now if
2 modules. First will be the Registration page user is trusted can login with credentials but
which will collect user data and defined user forgets the password, he/she can retrieve
pictures while configuration or user may use by two steps o.t.p. verification method i.e. e-
the pre-defined images from the software, mails and mobile o.t.p.
second will be the login page where user have
to give id and provide password by selecting
the picture in sequential manner! In old Hardware & Software Specification
system there was a limitation of recovering
the password if user forgets the password, but
this software contains recovery mechanism
where user can re-set the password using its Using NetBeans/Eclipse/PhP definition of
registered email id this model can be made into a drawing, using
jdk 8.1 with MySQL database this model is
Architecture deployed to be used, using this technology
senses that its compatibility has been kept in
mind for other systems. Though it can be
implemented as a standalone model which
Registration Login can be used by easily deploying in every steps
of the security phases.

User Details Forgot Password

Findings

Configuration O.t.p. Verify Throughout the whole phase from developing

to implementation, observed no error report
and working flawlessly with defined set of
compatibility required for to run this model
Security Authentication in a system, can be un-responsive when
compatibility is not fulfilling the required
environment to run this model; Mostly
relevant for organization where every access
Home point is secured with…

Fig.1
 Scope
Lots of password authentication systems with https://www.slideshare.net/asimkumarpatha
various types of encryption and algorithm k/graphical-pswrd-auth
methods and which are hackable due to many
vulnerabilities, though text password based https://krazytech.com/technical-
are sometime very easy to deploy but hard to papers/graphical-password-authentication
remember and creates mess with high
complexity of password guessing, so this https://www.seminarsonly.com/Labels/Grap
authentication system is graphical based and hical-Password-Authentication-Project.php
can be easily remember based on the user
choice, therefore upcoming androids or web http://fruittyblog.blogspot.com/2015/12/a-
application can be deployed with this kind of seminar-report-on-graphical-password-
system to avoid shoulder surfing and other authentication.html
spoofing methods. Even if we switch for
biometrics, again it is costly and cannot be
used by every person, this system can be used
to deploy ’n’ number of places which will be
less cost affective and easy to deploy.[4]

Conclusion

In this system we have created automatic

selection of images with a number of images
or can use it by own uploading, we have
tested it crash sequence, error report,
successful implementation, and reliability.
In this, attack like brute force or password
sniffing can’t be done because those types of
attacks are based of alphabets and numeric
picking techniques but here if somehow
attacker gets the image, he would not be able
to access. Reliability for user is kept in mind
where ease of use is there.

References
[1]https://searchsecurity.techtarget.com/defi
nition/graphical-password
[2]https://ieeexplore.ieee.org/document/574
9855
[3]https://ieeexplore.ieee.org/document/548
4822
[4]https://pdfs.semanticscholar.org/9b17/47e
ad0dae3177cc7c115b9e16b84f810b16f.pdf