Graphical password
A graphical password or graphical user authentication is a form of authentication using images rather than letters, digits, or special characters. The type of images used and the ways in which users interact with them vary between implementations.
Content types and mechanisms
Image sequence
Graphical passwords frequently require the user to select images in a particular order or respond to images presented in a particular order.[1]
Image-generated text
Another graphical password solution creates a one-time password using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password.[2][3]
Facial recognition
One system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily.[4]
Weaknesses
When not used in a private setting, graphical passwords are typically more susceptible than text-based passwords to "shoulder-surfing attacks", in which an attacker learns the password by watching the screen as a user gains access.[5]
References
- graphical password or graphical user authentication (GUA). searchsecurity.techtarget.com. Retrieved on 2012-05-20.
- Ericka Chickowski (2010-11-03). "Images Could Change the Authentication Picture". Dark Reading.
- "Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites">"Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites". 2010-10-28.
- Butler, Rick A. (2004-12-21) Face in the Crowd. mcpmag.com. Retrieved on 2012-05-20.
- Zakaria, Nur Haryani; Griffiths, David; Brostoff, Sacha; Yan, Jeff (20 July 2011). "Shoulder Surfing Defence for Recall-based Graphical Passwords" (PDF). Symposium On Usable Privacy and Security (SOUPS) 2011.