One of the most important topics in information security today is user authentication. Text-based strong password schemes offer good security, but memorizing the password is often so difficult that users write them down on a piece of paper or save them inside the computer. There is an alternative solution to text-based authentication, which is GUA (Graphical User Authentication), or simply Graphical Password, based on the fact that humans tend to remember images better. This type of interface provides passwords that are easy for users to create and remember. However, one big issue that is plaguing GUA is the shoulder surfing attack, which can capture the user's mouse clicks, and the image gallery attack, which can change the images of the gallery with a physical attack. In this paper, we will propose a new algorithm that uses a watermarking technique as the solution to image gallery attacks and uses random character set generation for each image for resistance to shoulder surfing attacks, to provide better system security. All the information images in the registration phase will be processed by copyright protection of watermarking, where the login page will check this information for security purposes. Here, we will evaluate and analyze six types of the more common graphical password attack methods.
In today's world, securing assets is necessary, and this can be done by password. But imagine if the password is stolen or hacked: then what about the security of the assets? In this paper, we have discussed the major attacks as well as password authentication / security methods and techniques. We have proposed a password security method, where arithmetic operations are performed on a user-selected pattern from time variables to generate a secure password. The task of validating the password or authenticating the user can be done on both the client and the server side. We have analysed how the proposed scheme defends against brute force, dictionary, phishing, shoulder surfing, key logger, video recording and replay attacks. To the best of our knowledge, our pattern-based time variable password method with arithmetic operations is the one which is able to defend against all the major attacks together.
We present captcha as graphical passwords in many security primitives square measure supported laborious mathematical issues. Exploitation laborious AI issues for security is rising as an exciting new paradigm, however has been beneath explored. During this paper, we have a tendency to gift a brand new security primitive supported laborious AI issues, namely, a unique family of graphical watchword systems designed on high of Captcha technology, that we have a tendency to decision Captcha as graphical passwords (CaRP). CaRP is each a Captcha and a graphical watchword theme. CaRP addresses variety of security issues altogether, like on-line guess attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP watchword is found solely probabilistically by automatic on-line guess attacks although the watchword is within the search set. CaRP additionally offers a unique approach to deal with the well-known image hotspot drawback in standard graphical watchword systems, like Pass Points, that usually ends up in weak watchword decisions. CaRP isn't a nostrum, however it offers cheap security and usefulness and seems to suit well with some sensible applications for rising on-line security.
Password authentication is one of the most important components for security and confidentiality of data that is stored on various workstations and servers. There are various kinds of ways to authenticate passwords, for example, textual passwords, graphical passwords, session passwords etc. Biometric authentication is also one of the trending ways these days but has several physiological issues. Though textual password is very common among people, it is still susceptible to various attacks like brute force attacks, dictionary attack, glossary attack, shoulder surfing, keylogger attack or eavesdropping. Graphical passwords were the new solution but had drawbacks like taking more time to authenticate and slow processing issues. Thus we introduce a new session password system, which is a one-time use password. This system uses only symbols for authentication. The generation of the password each time depends on an algorithm.
Information and computer security is supported largely by passwords, which are the principal part of the authentication process. Traditionally, picture-based password systems employ pictures/icons/symbols as input during an authentication session. Also, the most common computer authentication method is to use an alphanumerical username and password, which has significant drawbacks, thus making them vulnerable to “shoulder-surfing” attack because the visual interface by function is easily observed by others. When users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individual’s authentication session. This is referred to as shoulder surfing. Recent software-based approaches attempt to minimize this threat by requiring users to enter their passwords indirectly by performing certain mental tasks to derive the indirect password, thus concealing the user's actual password. However, there are many situations where the user can still be exposed to any kind of shoulder surfing attack. So, we use graphical authentication as a solution.
Passwords are a good idea, in theory. They have the potential to act as a fairly strong gateway. In practice though, passwords are plagued with problems. They are (1) easily shared, (2) trivial to observe and (3) maddeningly elusive when forgotten. While alternatives to passwords have been proposed, none, as yet, have been adopted widely. There seems to be a reluctance to switch from tried and tested passwords to novel alternatives, even if the most glaring flaws of passwords can be mitigated. One argument is that there is not enough investigation into the feasibility of many password alternatives. Graphical authentication mechanisms are a case in point. Therefore, in this paper, we detail the design of two prototype applications that utilise graphical authentication mechanisms. However, when forced to consider the design of such prototypes, we find that pertinent password problems, e.g. observation of entry, are just that: password problems. We conclude that effective, alternative authentication mechanisms should target authentication scenarios rather than the well-known problems of passwords. This is the only route to widespread adoption of alternatives.
Clients regularly reuse the same customized recognizable proof numeric system for various sessions. Coordinate numeric sections can be profoundly powerless for the bear to break assaults and assailants can successfully watch PIN section with covered cameras. Backhanded PIN passage techniques proposed as countermeasures are seldom conveyed on the grounds that they request a heavier subjective workload for clients. To accomplish security and ease of use and display a useful aberrant PIN section technique called Stegano PIN. It has two main numbered systems, first is the secured, the second one is unclosed. Intended objectively for looking someone’s shoulder’s over direct observation of the hidden cameras. In the wake of finding a long haul PIN in the more run of the mill design, secured numeric system, client produces an OTP to securely come on the display assailants. The test control utilized an inside subject factorial outline with two autonomous factors- PIN section framework, reco...
In today's world of E-Commerce, everything comes online, like Music, E-Books and Shopping; almost everything is online. If you are using some service or buying things online, then you have to pay for that. For that, you have to do Net Banking or you have to use a Credit card, which will do the online payment for you. In today's environment, when everything is online, the service you are using for E-Payment must be secure and you must protect your banking information, like debit card or credit card information, from the possible threat of hacking. There are lots of ways to threaten it, like Key logger, Forgery Detection, Phishing and Shoulder surfing. Therefore, if we reveal our actual Bank and Credit Card information, then there will be a chance to lose data and same credit card, and hackers can use the banking information for malicious purposes. In this paper, we discuss available E-Payment protocols, examine their advantages and delimitations, and show that there is still a need to design a more secure E-Payment protocol. The suggested protocol is based on using a hash function and a dynamic or virtual password, which protects your banking or credit card information from the possible threat of hacking when doing online transactions.
Graphical passwords are effectively used in authentication systems to prevent unauthorized access to mobile devices. The security of these mobile devices is limited by shoulder surfing, which refers to direct observation techniques over someone’s shoulder to get information. Graphical password schemes have been developed to obstruct this attack. We present efficient techniques towards the graphical authentication system. The graphical password scheme simply refers to the color. The colors are represented in a circle, and the circle contains different sectors having the alphabets and numbers. The graphical password scheme prevents accidental login and shoulder surfing. The user enters his information at the time of creating an account; at that time the user enters his favorite color. When the user logs in, the user can rotate the sector in such a way that the alphabets or digits which are in the password come into the favorite color, and then presses the confirm button. Likewise, the user enters his whole password, up to the length of that password. Finally, the user presses the login button and is then successfully logged in without shoulder surfing, so that the attacker doesn’t get the password, whatever is entered in the system.