Novel Shoulder-Surfing Resistant Authentication Schemes using Text-Graphical Passwords

Abstract

There are many applications which require the user to be authenticated before being permitted to perform certain tasks. Text password-based authentication is a popularly used authentication mechanism. Despite having greater security, text-passwords are characterized by selection of a weak and easy to remember passwords. Users also tend to write them down and share them with friends, family members and colleagues defeating the security provided by text-passwords. Graphical passwords offer an alternative to text passwords as the password space is typically higher, less prone to dictionary attacks and easier to remember visually. However, they suffer from shoulder-surfing attacks. In this paper, we propose two authentication schemes that support keyboard as well as graphical mouse-based input that map password characters to other regions of the password space. This shields the user’s password from being known to the adversary thus deflecting shoulder-surfing and spyware attacks. The schemes include both single and multi color input images consisting of printable characters. An analysis of security, usability, memorability and social engineering aspects of the proposed schemes is presented. Future research directions are also presented