Graphical Password Authentication

Parakram

30 Mar 202202:58

Summary

TLDRTeam Parakram introduces a graphical password authentication system to address the limitations of traditional text-based passwords. This user-friendly system leverages the ease of remembering images over text. Users register, select a color, and choose image categories to create a personalized sequence as their password. The password is securely hashed and encrypted before being stored in the cloud. Login involves selecting images in the correct sequence, with a two-factor authentication process for password updates. The system aims to enhance security while simplifying the authentication process.

Takeaways

🔒 The team Parakram has developed a graphical password authentication system to address the limitations of traditional text-based passwords.
🎨 The system is designed with user-friendliness in mind, including features like color selection to accommodate colorblind users.
📝 Users must register with the system by providing personal details such as name, email ID, and mobile number for identification.
🖼️ After registration, users select a color and choose categories from a filtered image pool to create a sequence of images that serve as their password.
🔐 The chosen password sequence is hashed using SHA-256 and encrypted with AES-256 before being stored in the cloud for security.
🔄 Users can sign in to websites using their graphical password by entering their mobile number and selecting images in the correct sequence.
🔄 The system verifies the entered sequence by decrypting and hashing it, then comparing it to the stored password.
🚫 If sign-in attempts exceed three, the user is notified via email to update their password, incorporating a two-factor authentication process for security.
🔄 A 'forgot password' feature is available, allowing users to reset their password through an email link.
🛡️ The system employs robust encryption and hashing algorithms to safeguard against brute force and dictionary attacks.
🚀 The team aims to implement a user-friendly graphical password authentication system to simplify the authentication process.

Q & A

What is the problem statement addressed by Team Parakram?
-Team Parakram addresses the issue of traditional text-based passwords being either too easy to guess or too difficult to remember, and proposes a graphical password authentication system as a solution.
What makes graphical passwords easier to remember than text-based passwords?
-Graphical passwords are based on images, which are generally easier for users to remember due to their visual nature compared to text.
What steps are involved in a user registering with the graphical password system?
-During registration, the user must provide details like name, email ID, and mobile number. They then select a color using radio buttons, and a filter is applied to the images in the image pool based on the chosen color.
How does the system accommodate colorblind users?
-The system includes a color selection feature using radio buttons, which allows colorblind users to easily navigate and use the graphical password method.
What is the process for selecting the actual password images?
-After applying the color filter, the images are categorized, and the user chooses categories they can remember. They then select a sequence of images from these categories to form their password.
How is the selected password secured and stored?
-The password is hashed using the SHA-256 algorithm, encrypted using the AES-256 algorithm, and then stored in the cloud.
What happens when a user wants to sign in using the graphical password?
-The user clicks on a button to sign in with the graphical password, enters their mobile number, and if they exist in the system, the color and categories are fetched to populate a grid with the password images and random images for selection.
How is the password verification process carried out during sign-in?
-The encrypted password is fetched from the database, decrypted, and the entered password is hashed and verified against the decrypted password. If they match, the user is authenticated.
What is the limit on the number of sign-in attempts allowed for a user?
-A user is allowed up to three sign-in attempts. If the attempts exceed this limit, the user is notified through email to update their password.
How does the system ensure secure password updates?
-The system uses two-factor authentication during password updates, requiring the user to enter their mobile number and an OTP received on their registered mobile number or email ID.
What feature does the system provide for users who forget their password?
-The system offers a 'forgot password' feature, where an email is sent to the user to reset their password, following the same process as updating the password.
How does the system prevent data breaches?
-The system uses the most secure encryption and hashing algorithms, such as SHA-256 and AES-256, making brute force and dictionary attacks almost impossible.
What is the ultimate goal of implementing the graphical password authentication system?
-The goal is to make the entire process of authentication much easier and more user-friendly while enhancing security.