Authentication with Graphical Passwords

Graphical authentication mechanisms incorporate a graphical component in the authentication process, so users can select an image, draw a shape or choose colors instead of entering alphanumeric passwords.

One of the biggest problems with the ever-present username-password authentication system is the difficulty users have in remembering secure passwords. As a result, users often choose simple passwords, which are easy to guess with social engineering techniques or crack with dictionary attacks, and even reuse the same password for different applications.

To eliminate these weaknesses, traditional alphanumeric passwords can be replaced by new graphical authentication systems, which vary depending on the action the user has to perform. These systems can involve users:

  • Identifying one or more images out of a group.

  • Touching points of an image or moving one of the objects appearing in it.

  • Drawing a line on a grid.

In all of the above cases, graphical authentication is based on the fact that our capacity for recognition is much greater than our capacity for recall, which means it is always going to be easier for us to recognize something that we have seen before (e.g., an image) than to remember something without a clue to prompt us.

As well as being easier for the user to remember, graphical passwords are more robust, as it is much more difficult to apply brute force attacks to images than to text. Graphical passwords also make it impossible for there to be groups of passwords that are more common than others.

Furthermore, for the same length, alphanumeric passwords have a limited password space; i.e., they are always combinations of the same ASCII characters. The inventory of possible graphical passwords, by contrast, is practically infinite.
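The following added example (not from the original page or from Safelayer's products) shows how the size of the password space follows from the parameters of each of the three schemes listed above, next to a text password. The pool size, image dimensions, click tolerance and the stroke rule for grid lines are all assumptions chosen for illustration.

```python
from math import comb, gcd, log2, perm

# All parameter values used below are constructed assumptions, not taken from the page.

def text_bits(length, alphabet=95):
    """Bits for a text password over the printable ASCII set (95 characters)."""
    return length * log2(alphabet)

def image_choice_bits(pool, picks, ordered=True):
    """Bits for identifying `picks` images out of a group of `pool`."""
    return log2(perm(pool, picks) if ordered else comb(pool, picks))

def click_bits(width, height, tolerance, clicks):
    """Bits for touching `clicks` points, each resolved to a tolerance-sized cell."""
    cells = (width // tolerance) * (height // tolerance)
    return clicks * log2(cells)

def grid_line_count(size, min_nodes, max_nodes):
    """Count lines on a size x size grid of nodes (assumed rule: no node is
    reused, and a stroke may pass over a node only if it is already used)."""
    nodes = [(r, c) for r in range(size) for c in range(size)]

    def reachable(a, b, seen):
        dr, dc = b[0] - a[0], b[1] - a[1]
        g = gcd(abs(dr), abs(dc))  # g - 1 nodes lie strictly between a and b
        return all((a[0] + k * dr // g, a[1] + k * dc // g) in seen
                   for k in range(1, g))

    def walk(cur, seen):
        total = 1 if len(seen) >= min_nodes else 0
        if len(seen) == max_nodes:
            return total
        for nxt in nodes:
            if nxt not in seen and reachable(cur, nxt, seen):
                total += walk(nxt, seen | {nxt})
        return total

    return sum(walk(start, {start}) for start in nodes)

if __name__ == "__main__":
    print(f"8-character text password : {text_bits(8):5.1f} bits")
    print(f"4 of 9 images, ordered    : {image_choice_bits(9, 4):5.1f} bits")
    print(f"5 clicks, 1024x768, 16 px : {click_bits(1024, 768, 16, 5):5.1f} bits")
    print(f"3x3 grid line, 4-9 nodes  : {log2(grid_line_count(3, 4, 9)):5.1f} bits")
```

Changing the image size, tolerance or grid size shows how quickly each space grows or shrinks with the deployment's configuration.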

New mobile devices, with full-color and increasingly large touch screens, are an ideal platform for graphical passwords, making it possible to increase security while improving the user experience.

At Semantic Web Trust Portal, you can configure and try out a graphical authentication system. The graphical password is also used in Safelayer's gOTP application.