Providing a Secure Hybrid Method for Graphical Password Authentication to Prevent Shoulder Surfing, Smudge and Brute Force Attack

Authors: Faraji Sepideh


The purchase rate of smart devices is increasing, and user authentication is one of the important issues in information security. Strong alphanumeric passwords are difficult to memorize, and owners also write them down on paper or save them in a computer file. In addition, text passwords have their own flaws and are vulnerable to attacks. A graphical password, in which users choose images as the password, can be used as an alternative to an alphanumeric password. This type of password is easier to use and memorize, and is also more secure than previous password types. In this paper we design a more secure graphical password system to prevent shoulder surfing, smudge and brute force attacks. The scheme is a combination of two types of graphical password: recognition-based and cued-recall-based. The evaluation of the usability and security of the proposed scheme is explained in the conclusion.

Keywords: Brute force attack, graphical password, shoulder surfing attack, smudge attack.


