A survey of Possible Attacks on Text & Graphical Password Authentication Techniques

Sanjay E. Pate¹ , Bhojaraj H. Barhate²

Section:Survey Paper, Product Type: Journal Paper
Vol.06 , Special Issue.01 , pp.77-80, Jan-2018

Online published on Jan 31, 2018

Copyright © Sanjay E. Pate, Bhojaraj H. Barhate . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.  

View this paper at   Google Scholar | DPI Digital Library

PDF Download

How to Cite this Paper

Abstract :
The process of verifying a user`s identity is typically referred to as user authentication. Information Security and Authentication is now a key issue in the world. Gradually end users of Internet improved. General uses of the Internet are searching, e-mail, social networking, e-banking, e-governance, etc. User Authentication is the process of determining whether the user should be authorized to access information or not. Alphanumeric or text passwords are mostly used mechanism for authentication. But these are susceptible to a dictionary, brute force and guessing attacks. Resolution is to use Graphical Password, is more secure, reliable technique for authentication. Graphical passwords allow users to remember pictures/images instead of text which helps them to remember the passwords easily. But these are also vulnerable to the dictionary, brute force and guessing attacks. In this paper, Text-based password and graphical password techniques for Authentication are just discussed, and possible attacks on them are summarized.

Key-Words / Index Term :
Phishing, bots, OCR, PIN

References :
[1] Adams, A., and Sasse, M. A., "Users are not the enemy: why userscompromise computer security mechanisms and how to take remedialmeasures," Communications of the ACM, vol. 42, pp. 41-46, 1999.
[2] Herley, C., Van Oorschot, P. and Patrick, A., “Passwords: If We‟re So Smart,Why Are We Still Using Them?” in Financial Cryptography and DataSecurity, LNCS 5628, Springer, 2009.
[3] Ives, B., Walsh, K.R., Schneider. H., The domino effect of password reuse,Communications of the ACM 47, 75-78, 2004.
[4] Hayashi, E. and N. Christin, Use Your Illusion: Secure Authentication Usable Anywhere, in Proceedings of the 4th symposium on Usable privacy and security (SOUPS).2008,ACM.
[5] Lawrence O‟Gorman. Comparing Passwords, Tokens, and Biometrics for User Authentication.Proceedings of the IEEE, Vol. 91, NO. 12, Pages 2022-2033.December 2003.
[6] Monrose, F. and Reiter, M. Graphical passwords. Security and Usability:Designing Secure Systems That People Can Use, L. Cranor and S. Garfinkel,Eds. O‟Reilly Media, Chapter 9, 157–174. 2005.
[7] Renaud, K. “Evaluating authentication mechanisms,” Security and Usability:Designing Secure Systems That People Can Use, L. Cranor and S. Garfinkel,Eds. O‟Reilly Media, 2005, ch. 6, pp. 103–128.
[8] Renaud, K. “Guidelines for designing graphical authentication mechanisminterfaces”, International Journal of Information and Computer Security, vol.3, no. 1, pp. 60–85, June 2009.
[9] Sasse, M., Brostoff, S., and Weirich, D., Transforming the ‟Weakest Link‟ - AHuman/Computer Interaction Approach to Usable and Effective Security. BTTechnology Journal, 19(3):122–131, 2001.
[10] Chiasson, S., et al., Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords. ACM,2009
[11] Suo, X., Zhu, Y. and Owen, G., Graphical passwords: A survey. Annual Computer Security Applications Conference (ACSAC), December 2005
[12] Vu, K.-P. L., Proctor, R., Bhargav-Spantzel, A., Tai, B.-L., Cook, J., andSchultz, E.2007.Improving password security and memorability to protectpersonal and Organizational information.International Journal of Human-Computer Studies 65, 744–757.
[13] Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A. and Memon, N.,PassPoints: Design and longitudinal evaluation of a graphical passwordsystem. International Journal of Human-Computer Studies, 63(1-2):102/127,2005.2):102/127,2005.
[14] Sonia Chiasson, P.C. van Oorschot, and Robert Biddle” Graphical Password Authentication Using Cued Click Points”
[15] Jain, A., Ross, A. and Pankanti, S., “Biometrics: a tool for information security,” Transactions on Information Forensics and Security (TIFS), vol. 1,no. 2, pp. 125–143, 2006.
[16] Monrose, F. and Reiter, M. Graphical passwords. Security and Usability: Designing Secure Systems That People Can Use, L. Cranor and S. Garfinkel, Eds. O‟Reilly Media, Chapter 9, 157–174. 2005
[17] Arash Habibi Lashkari, Samaneh Farmand1”A new algorithm on Graphical User Authentication(GUA) based on multi-linegrids
[18] S. Chiasson, P. C. van Oorschot, and R. Biddle, “A second lookat the usability of click-based graphical passwords,” in Proc.3rd Symp.Usable Privacy and Security (SOUPS), Pittsburgh,PA, 2007.
[19] D. Davis, F. Monrose, and M. Reiter, “On user choice ingraphical password schemes,” in 13th USENIX SecuritySymposium, 2004.
[20]Passlogix, "www.passlogix.com," last accessed in June 2005.