Graphical Password Authentication

Stephanie Lai

on 13 June 2013

Transcript of Graphical Password Authentication

Presenter: Lai Kai Sing
Graphical Password

Problem Statement
Why Graphical Password?
Limitations on memorability
Current Authentication Methods
Lengthy password

Not used frequently

Multiple passwords on multiple accounts
User's attitudes
Not changed frequently

Same password

Easily guessable or short text
Security Issues
Brute force search

Social engineering

Dictionary attack
Based on “Something You Possess”

Good example is Kerberos
Based on “Something You Are”

The most secure!
Expensive & Slow
Contact Technology
Contactless Technology
Based on “Something You Know”
Memory Process
Recognition-based technique

Recall-based technique
Self-Service Password-Retrieving Process
Facial scan
Voice recognition
Iris scan
A picture is worth a thousand words!
Easy to recognize

High accuracy

Minimizes the tendency to select insecure passwords
Hard to figure out

Hard to guess

Better resistance
7-6-2013 3:10pm
Graphical Password Systems
Cued recall-based/ Location-based
Pure recall-based/Grid based
Déjà Vu
Upload Click Adjust
Draw-a-Secret (DAS)
Background DAS (BDAS)
Less to memorize
Reproduce same outline drawing
Add background image
Increased complexity
Better security
Security Properties and Threats Analysis
Shoulder Surfing
Applies direct observation methods

Using spy camera to capture

Brute Force Attack
Tries every possible password combination until authenticated

Less vulnerable
Dictionary Attack
Systematically enters each word in dictionary

Less susceptible
Application to FYP
Payroll System
Mobile System
Risk Associated
- Unauthorized access
- Leaking of private information
- Unauthorized amendments

Scheme Recommended
- Déjà Vu + one challenge question
- 90% of success rate
- Less vulnerable
- Especially when making any changes/inserting any new records
Risk Associated
- Theft of confidential information
- Loss of mobile phone
- Unknown Wi-Fi network

Scheme Recommended
- PassPoints + alphanumerical password
- Emerging of touch experience
- Instant access through self-service portal
- Limit the gestures
Fingerprint scan
Hand geometry scan
Includes both text-based and picture-based