GRAPHICAL PASSWORD AUTHENTICATION METHODS IN INFORMATION SECURITY

Obasan Adebola,Patrick Owohunwa, and Abdulazeez Sikiru

Kaduna Polytechnic, Department of Mathematics, Statistics & Computer Science, College of Science & Technology, Kaduna State, Nigeria.

E-mail:  aolukay@yahoo.com, owohunwapatrick@yahoo.com,

Abstract

Password authentication is a basic form of information security for computers and communication systems where passwords recalled from human memory are used to validate users before allowing them access to their different secure resources like personal computers, e-mail, individual bank accounts, social networks to mention a few. Therefore, today users have many passwords and find it difficult to create them according to the established password security guidelines. Instead, most users write down their passwords, and use one password for multiple accounts while others settle for simple, short, personal names of family members, dates, dictionary words, and unsecure passwords due to human memory limitation. Recall-based graphical password schemes are one of many proposed mechanisms for user authentication based on the premise that human memory is better at remembering images than textual information.  Most of these schemes have worked on the usability and security enhancement. The present study is mainly focused on the security analysis of the existing graphical authentication methods with discussions on different aspects of password security. The paper starts by categorizing the existing graphical schemes into three major types according to memory tasks: recall, cue recall and recognition tasks of human memory.  A total of seven schemes are chosen from each of the three categories and each of the schemes was extensively discussed. We review a number of criterions for measuring efficiency of authentication systems and examined different conventional password attack methods. Password space and password entropy formulae and calculations related to the schemes are also presented in this paper. A comprehensive analysis of each authentication method highlighting their password entropy and vulnerability to different password attacks was presented. In conclusion, some suggestions are given for future work.