ABSTRACT :
Graphical passwords provide a promising alternative to traditional alphanumeric passwords. They are attractive since people usually remember pictures better than words. In this extended abstract, we propose a simple graphical password authentication system. We describe its operation with some examples, and highlight important aspects of the system.
INTRODUCTION :
User authentication is a fundamental component in most computer security contexts. It provides the basis for access control and user accountability [1]. While there are various types of user authentication systems, alphanumerical username/passwords are the most common type of user authentication. They are versatile and easy to implement and use.
Alphanumerical passwords are required to satisfy two contradictory requirements. They have to be easily remembered by a user, while they have to be hard to guess by an impostor [2]. Users are known to choose easily guessable and/or short text passwords, which are an easy target of dictionary and brute-force attacks [3, 4, 5]. Enforcing a strong password policy sometimes has the opposite effect, as a user may resort to writing his or her difficult-to-remember passwords on sticky notes, exposing them to direct theft.
In the literature, several techniques have been proposed to reduce the limitations of alphanumerical passwords. One proposed solution is to use easy-to-remember long phrases (passphrases) rather than a single word [6]. Another proposed solution is to use graphical passwords, in which graphics (images) are used instead of alphanumerical passwords [7]. This can be achieved by asking the user to select regions from an image rather than typing characters as in alphanumeric password approaches.
In this extended abstract, we propose a graphical password authentication system. The system combines graphical and text-based passwords trying to achieve the best of both worlds. In section 2, we provide a brief review of graphical passwords. Then, the proposed system is described in section 3. In section 4, we briefly discuss implementation and highlight some aspects about the proposed system.
EXISTING SYSTEM :
Graphical passwords refer to using pictures (also drawings) as passwords. In theory, graphical passwords are easier to remember, since humans remember pictures better than words [8]. Also, they should be more resistant to brute force attacks, since the search space is practically infinite.
In general, graphical password techniques are classified into two main categories: recognition-based and recall-based graphical techniques [7]. In recognition-based techniques, a user is authenticated by challenging him/her to identify one or more images he or she chose during the registration stage. In recall-based techniques, a user is asked to reproduce something that he or she created or selected earlier during the registration stage.
Passfaces is a recognition-based technique, where a user is authenticated by challenging him/her to recognize human faces [9]. An early recall-based graphical password approach was introduced by Greg Blonder in 1996 [10]. In this approach, a user creates a password by clicking on several locations on an image. During authentication, the user must click on those locations. PassPoints builds on Blonder's idea, and overcomes some of the limitations of his scheme [2]. Several other approaches are surveyed in [7].
PROPOSED SYSTEM :
The proposed authentication system works as follows. At the time of registration, a user creates a graphical password by first entering a picture he or she chooses. The user then chooses several point-of-interest (POI) regions in the picture. Each POI is described by a circle (center and radius). For every POI, the user types a word or phrase that would be associated with that POI. If the user does not type any text after selecting a POI, then that POI is associated with an empty string. The user can choose either to enforce the order of selecting POIs (stronger password), or to make the order insignificant.
For authentication, the user first enters his or her username. The system then displays the registered picture. The user then has to correctly pick the POIs and type the associated words. At any time, typed words are either shown as asterisks (*) or hidden. In Figure 2, we show an example of the login screen.
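The registration and login checks described above, as an added example in Python; it is not the paper's VB.net code. Assumptions: the function and field names, treating a click as a hit when it falls inside the registered circle, and storing each word as a salted PBKDF2 hash rather than in clear.

```python
import hashlib
import hmac
import math
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class POI:  # a registered circle plus a salted hash of its associated word
    cx: float
    cy: float
    radius: float
    salt: bytes
    word_hash: bytes

def _hash_word(word, salt):
    # Assumption (not stated on the page): words are stored as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", word.encode("utf-8"), salt, 100_000)

def register(selections, ordered=True):
    """selections: (cx, cy, radius, word) tuples; word is '' when no text was typed."""
    pois = []
    for cx, cy, radius, word in selections:
        salt = os.urandom(16)
        pois.append(POI(cx, cy, radius, salt, _hash_word(word, salt)))
    return {"pois": tuple(pois), "ordered": ordered}

def _matches(poi, click):
    x, y, word = click
    inside = math.hypot(x - poi.cx, y - poi.cy) <= poi.radius
    same_word = hmac.compare_digest(_hash_word(word, poi.salt), poi.word_hash)
    return inside and same_word

def _assign(pois, clicks):
    # Order-insensitive case: each click must claim a distinct POI; backtracking
    # stops overlapping circles from being paired with the wrong click.
    if not clicks:
        return True
    return any(_matches(p, clicks[0]) and _assign(pois[:i] + pois[i + 1:], clicks[1:])
               for i, p in enumerate(pois))

def authenticate(password, attempt):
    """attempt: (x, y, word) tuples for the clicks made on the displayed picture."""
    pois, clicks = password["pois"], tuple(attempt)
    if len(clicks) != len(pois):  # the number of POIs is part of the secret
        return False
    if password["ordered"]:
        return all([_matches(p, c) for p, c in zip(pois, clicks)])
    return _assign(pois, clicks)

SAMPLE = register([(120, 80, 15, "dog"), (300, 210, 20, "")])  # constructed sample; 2nd POI has no text
```

The POI circles themselves are kept in clear here because the geometric check needs them; only the associated words are hashed.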
IMPLEMENTATION :
The proposed system was implemented using Visual Basic .NET 2005 (VB.net). The implementation has three main classes:
• Login Info: Contains username, graphical password, and related methods.
• Graphical Password: Contains graphical password information and related methods.
• SelReg: Contains fields about selected regions (POIs).
In the proposed system, a user freely chooses a picture, POIs and corresponding words. The order and number of POIs can be enforced for stronger authentication. Together, these parameters allow for a very large password space. We believe that the proposed approach is promising and unique for at least two reasons:
• It combines graphical and text-based passwords trying to achieve the best of both worlds.
• It provides multi-factor authentication (graphical, text, POI-order, POI-number) in a friendly intuitive system.
SYSTEM REQUIREMENTS
SOFTWARE REQUIREMENTS:
• Programming Language : Python
• Front End Technologies : TKInter/Web(HTML,CSS,JS)
• IDE : Jupyter/Spyder/VS Code
• Operating System : Windows 08/10
HARDWARE REQUIREMENTS:
• Processor : Core I3
• RAM Capacity : 2 GB
• Hard Disk : 250 GB
• Monitor : 15″ Color
• Mouse : 2 or 3 Button Mouse
• Keyboard : Windows 08/10