Graphical password

A graphical password or graphical user authentication is a form of authentication using images rather than letters, digits, or special characters. The type of images used and the ways in which users interact with them vary between implementations.

Content types and mechanisms

Image sequence

Graphical passwords frequently require the user to select images in a particular order or respond to images presented in a particular order.[1]

Image-generated text

Another graphical password solution creates a one-time password using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password.[2][3]

Facial recognition

One system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily.[4]

Weaknesses

When not used in a private setting, graphical passwords are typically more susceptible than text-based passwords to "shoulder-surfing attacks", in which an attacker learns the password by watching the screen as a user gains access.[5]

gollark: Observe my most excellent code.

gollark: What is that?

gollark: PotatOS is mostly well sandboxed.

gollark: Bad news! PotatOS apparently has TWO major unpatched sandbox exploits now!

gollark: Oh dear! I hope he isn't harvesting credit card numbers and passwords from osmarks.tk!

References

graphical password or graphical user authentication (GUA). searchsecurity.techtarget.com. Retrieved on 2012-05-20.
Ericka Chickowski (2010-11-03). "Images Could Change the Authentication Picture". Dark Reading.
"Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites">"Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites". 2010-10-28.
Butler, Rick A. (2004-12-21) Face in the Crowd. mcpmag.com. Retrieved on 2012-05-20.
Zakaria, Nur Haryani; Griffiths, David; Brostoff, Sacha; Yan, Jeff (20 July 2011). "Shoulder Surfing Defence for Recall-based Graphical Passwords" (PDF). Symposium On Usable Privacy and Security (SOUPS) 2011.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[techtarget-1] raphical password or graphical user authentication (GUA). searchsecurity.techtarget.com. Retrieved on 2012-05-20.

[darkreading-2] Ericka Chickowski (2010-11-03). "Images Could Change the Authentication Picture". Dark Reading.

[marketwire-3] "Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites">"Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites". 2010-10-28.

[butler-4] Butler, Rick A. (2004-12-21) Face in the Crowd. mcpmag.com. Retrieved on 2012-05-20.

[zakaria-5] Zakaria, Nur Haryani; Griffiths, David; Brostoff, Sacha; Yan, Jeff (20 July 2011). "Shoulder Surfing Defence for Recall-based Graphical Passwords" (PDF). Symposium On Usable Privacy and Security (SOUPS) 2011.