You are on page 1of 11

Graphical User Authentication Using

Steganography and Random Codes


Knowledge-based authentication.
Text-Based Passwords
Graphical Password Authentication

Simple Text-Based Passwords are easy for attackers to guess

or Hack.
Complex & Lengthy Passwords are difficult for users to
A password authentication system should encourage strong
passwords while maintaining memorability.
Graphical Password authentication schemes allow user choice
while influencing users toward stronger passwords.

Attacks On Passwords

Brute Force Attack

Dictionary Attack

This attack uses words found in the dictionary. Usually we use weak passwords, easier for attackers to
guess the password.

Spyware Attack

Attack uses a small application installed (accidentally or secretly) on a users computer.

Records sensitive data during mouse movement or key press. This form of malware secretly store these
information and then reports back to the attackers system.

Shoulder Surfing Attack

Attack uses an algorithm that produces every possible combination of words to break the password.
Always proven successful against text-based password.

Passwords can be identified by looking over a persons shoulder. This kind of attack is more common in
crowded areas.

Social Engineering Attack (Description Attack)

When a non-authorized personal manages to Manipulate authorized person and access confidential

information (i.e.) passwords and codes.

The attacker interacts with unsuspecting person and gathers as much information they can to gain access

to the protected data.

Proposed System

Superiority Effect-a solution to conventional

password techniques.

Graphical passwords provide a promising alternative to traditional alphanumeric

People usually remember pictures better than words.
Here user will select some images from the given matrix of image.
The Selected Image will be stored as a password and submit to the system.
In the login phase, few random characters for each image in the matrix will be generated.
The user needs to enter the code corresponding to his Images, as a password to get the
It makes the login process more Secure from shoulder surfing attack while keeping it
simple for users without having to memorise complex passwords.
We applied this approach to create the system for accessing the web account with image
based password authentication system.


User Registration
Image Selection Procedure.
Account Lock-Out.
Monitoring Unauthorized User.
Account Recovery.
Accessing Web accounts.

Working Methodology

In registration page the user have to fill out the form by selecting the
username and his graphical password images.

The user has the chance to choose different number of images.

On the login section, the user first enters his username and then press tab.

The page will be refreshed and the password images will be displayed
with some random images.

The user should find his password images and then enter the text below of
his password image in the password textbox.


Working Methodology

If the Code entered belongs to correct password images, User gets login

After the successful user authentication, user will directly get login into
there web accounts without entering authentication Credentials manually.

In case of invalid login attempt for 5 times, the system gets locked-out.

In case of lockout if the computer is enabled with the web cam, it will
capture the snap of the unauthorised user.

If the account is locked out or if the user forgot his password, then he needs
to recover his account.

System Architecture


Graphical Password Schemes provide a way of making more

human-friendly passwords.

Here the security of the system is very high.

Every time user need to enter different set of code for

authentication i.e. every time new password gets generated.

Dictionary attacks, Brute Force attack, and other attacks are


System Requirement
: C#net
: .NET
: MS SQL Server
Operating System
Windows 7/Win 8
: Intel P-IV Based system
Processor Speed
: 250 MHz to 833MHz
512 MB to 2 GB
Hard Disk
: 10GB to 180GB

Thank You!!!