Graphical Password Authentication

Parakram
30 Mar 2022 02:58

Summary

TLDR: Team Parakram introduces a graphical password authentication system to address the limitations of traditional text-based passwords. This user-friendly system leverages the ease of remembering images over text. Users register, select a color, and choose image categories to create a personalized sequence as their password. The password is securely hashed and encrypted before being stored in the cloud. Login involves selecting images in the correct sequence, with a two-factor authentication process for password updates. The system aims to enhance security while simplifying the authentication process.

Takeaways

  • 🔒 The team Parakram has developed a graphical password authentication system to address the limitations of traditional text-based passwords.
  • 🎨 The system is designed with user-friendliness in mind, including features like color selection to accommodate colorblind users.
  • 📝 Users must register with the system by providing personal details such as name, email ID, and mobile number for identification.
  • 🖼️ After registration, users select a color and choose categories from a filtered image pool to create a sequence of images that serve as their password.
  • 🔐 The chosen password sequence is hashed using SHA-256 and encrypted with AES-256 before being stored in the cloud for security.
  • 🔄 Users can sign in to websites using their graphical password by entering their mobile number and selecting images in the correct sequence.
  • 🔄 The system verifies a sign-in by decrypting the stored password, hashing the entered sequence, and comparing the two.
  • 🚫 If sign-in attempts exceed three, the user is notified via email to update their password, incorporating a two-factor authentication process for security.
  • 🔄 A 'forgot password' feature is available, allowing users to reset their password through an email link.
  • 🛡️ The system employs robust encryption and hashing algorithms to safeguard against brute force and dictionary attacks.
  • 🚀 The team aims to implement a user-friendly graphical password authentication system to simplify the authentication process.

Q & A

  • What is the problem statement addressed by Team Parakram?

    -Team Parakram addresses the issue of traditional text-based passwords being either too easy to guess or too difficult to remember, and proposes a graphical password authentication system as a solution.

  • What makes graphical passwords easier to remember than text-based passwords?

    -Graphical passwords are based on images, which are generally easier for users to remember due to their visual nature compared to text.

  • What steps are involved in a user registering with the graphical password system?

    -During registration, the user must provide details like name, email ID, and mobile number. They then select a color using radio buttons, and a filter is applied to the images in the image pool based on the chosen color.

  • How does the system accommodate colorblind users?

    -The system includes a color selection feature using radio buttons, which allows colorblind users to easily navigate and use the graphical password method.

  • What is the process for selecting the actual password images?

    -After applying the color filter, the images are categorized, and the user chooses categories they can remember. They then select a sequence of images from these categories to form their password.

  • How is the selected password secured and stored?

    -The password is hashed using the SHA-256 algorithm, encrypted using the AES-256 algorithm, and then stored in the cloud.

  • What happens when a user wants to sign in using the graphical password?

    -The user clicks on a button to sign in with the graphical password, enters their mobile number, and if they exist in the system, the color and categories are fetched to populate a grid with the password images and random images for selection.

  • How is the password verification process carried out during sign-in?

    -The encrypted password is fetched from the database, decrypted, and the entered password is hashed and verified against the decrypted password. If they match, the user is authenticated.

  • What is the limit on the number of sign-in attempts allowed for a user?

    -A user is allowed up to three sign-in attempts. If the attempts exceed this limit, the user is notified through email to update their password.

  • How does the system ensure secure password updates?

    -The system uses two-factor authentication during password updates, requiring the user to enter their mobile number and an OTP received on their registered mobile number or email ID.

  • What feature does the system provide for users who forget their password?

    -The system offers a 'forgot password' feature, where an email is sent to the user to reset their password, following the same process as updating the password.

  • How does the system prevent data breaches?

    -The system uses the most secure encryption and hashing algorithms, such as SHA-256 and AES-256, making brute force and dictionary attacks almost impossible.

  • What is the ultimate goal of implementing the graphical password authentication system?

    -The goal is to make the entire process of authentication much easier and more user-friendly while enhancing security.

Outlines

00:00

🔒 Introducing Graphical Password Authentication

Team Parakram introduces a novel approach to online authentication with a graphical password system, addressing the common issues with traditional text-based passwords. The system is designed to be more user-friendly and secure, leveraging the fact that images are easier to remember than text. Users register with basic details and select a color to accommodate colorblind individuals. The system filters images based on the chosen color and categories, allowing users to create a sequence of images as their password. This password is then securely hashed and encrypted before being stored in the cloud.

🎨 Customizing Your Graphical Password

The graphical password system allows users to select images from various categories to create a personalized password sequence. This feature enhances security by making the password more unique and harder to guess. The system also provides a login mechanism where users enter their mobile number, and the system retrieves their color and categories to display a grid of images. Users must select the images in the correct sequence to authenticate, with the system comparing the entered sequence to the stored, encrypted password.

🛡️ Security and Authentication Process

The system emphasizes security by using the SHA-256 hashing algorithm and AES-256 encryption to protect user passwords. It also implements a two-factor authentication process for password updates, requiring users to enter a mobile number and an OTP to ensure that only the legitimate user can change the password. If a user fails to authenticate after three attempts, they are notified via email to update their password. Additionally, a 'forgot password' feature is available, allowing users to reset their password through a secure process.
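The store-and-verify flow described above (SHA-256 hash, AES-256 encryption, decrypt-and-compare at sign-in, three attempts), as an added example in Node.js that is not the team's code. The GCM mode, the JSON encoding of image IDs, the in-memory `db`, the `locked` state standing in for the e-mail notification, the grid size and all function names are assumptions; the video does not specify them.

```javascript
// Added example, not the team's code. Assumptions are marked "assumption".
const crypto = require("node:crypto");
const MAX_ATTEMPTS = 3;              // from the page: three sign-in attempts
const KEY = crypto.randomBytes(32);  // AES-256 key (assumption: kept apart from the database)
const db = new Map();                // stands in for the cloud store (assumption)

// Order-preserving encoding of the chosen image IDs, then SHA-256.
function hashSequence(imageIds) {
  return crypto.createHash("sha256").update(JSON.stringify(imageIds)).digest();
}

// AES-256 in GCM mode (assumption: the page names only "AES-256").
function encrypt(plain) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", KEY, iv);
  const ct = Buffer.concat([cipher.update(plain), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}
function decrypt({ iv, ct, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", KEY, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

function register(mobile, imageIds) {
  db.set(mobile, { blob: encrypt(hashSequence(imageIds)), failures: 0 });
}

// Returns "ok", "fail", "locked" (password update required) or "unknown-user".
function signIn(mobile, imageIds) {
  const rec = db.get(mobile);
  if (!rec) return "unknown-user";
  if (rec.failures >= MAX_ATTEMPTS) return "locked";
  const stored = decrypt(rec.blob);          // decrypt the stored hash
  const entered = hashSequence(imageIds);    // hash what the user clicked
  if (crypto.timingSafeEqual(stored, entered)) {
    rec.failures = 0;
    return "ok";
  }
  rec.failures += 1;
  return rec.failures >= MAX_ATTEMPTS ? "locked" : "fail";
}

// Ordered sequences of `len` distinct images out of a grid of `gridSize`
// (assumption: no repeats). This space and the attempt limit bound online guessing.
function sequenceSpace(gridSize, len) {
  let n = 1;
  for (let i = 0; i < len; i++) n *= gridSize - i;
  return n;
}

// Constructed sample data.
register("+10000000001", ["animals/03", "fruit/11", "cars/02"]);
console.log(signIn("+10000000001", ["animals/03", "fruit/11", "cars/02"]), sequenceSpace(16, 4));
```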

🔄 Password Update and Security Measures

In the event a user needs to update their password, the system provides a secure method to do so. After receiving an OTP on their registered mobile number or email, users can choose a new password. The system also includes a 'forgot password' feature, which sends an email to the user to initiate the password reset process. The summary of the process for updating or resetting the password is the same, ensuring a consistent and secure user experience.

🌐 Implementing a User-Friendly Authentication System

Team Parakram aims to implement this graphical password authentication system to simplify the authentication process, making it more accessible and secure for all users. The system is designed with a user-friendly flow and incorporates the most secure encryption and hashing algorithms to protect against brute force and dictionary attacks. The team thanks the audience for their attention and looks forward to making the authentication process easier with this innovative solution.

Keywords

💡Graphical Password

A graphical password is an authentication method that relies on images instead of traditional text-based passwords. It is easier for users to remember complex patterns or sequences of images than strings of characters. In the video's context, the team introduces a system where users select images and their sequence to create a password, which is then used for secure authentication on the internet.

💡Authentication

Authentication is the process of verifying the identity of a user or device. It is a critical component in ensuring that only authorized individuals gain access to certain content or systems. The video discusses a graphical password system as an innovative method for user authentication, highlighting its advantages over traditional text-based passwords.

💡SHA-256

SHA-256 is a cryptographic hash function from the SHA-2 family, widely used for ensuring data integrity. It produces a fixed-size 256-bit digest that is computationally infeasible to reverse. In the script, SHA-256 is mentioned as the hashing algorithm used to secure the graphical passwords, ensuring that even if data is intercepted, it cannot be easily deciphered.

💡AES-256

AES-256, or Advanced Encryption Standard with a 256-bit key, is a symmetric encryption algorithm known for its strength and efficiency. It is a block cipher that encrypts data in fixed-size 128-bit blocks. The video script describes the use of AES-256 to encrypt the hashed graphical passwords before they are stored in the cloud, adding an extra layer of security.

💡Two-Factor Authentication

Two-factor authentication (2FA) is a security process that requires users to provide two different authentication factors to verify their identity. It adds an additional layer of security beyond just a password. In the script, the team mentions using 2FA to ensure that only the legitimate user can update their password, enhancing the overall security of the system.

💡Colorblind Users

The term 'colorblind users' refers to individuals who have difficulty distinguishing between certain colors. The script highlights the team's consideration for accessibility by including a color selection feature that is usable by colorblind individuals, demonstrating an inclusive approach to the graphical password system.

💡Image Pool

An image pool is a collection of images from which users can select to create their graphical passwords. The script describes how the system applies a color filter to the image pool, allowing users to choose images that are easier for them to remember, thus personalizing the authentication process.

💡Password Hashing

Password hashing is the process of converting a password into a fixed-size string of characters using a hash function. It is a one-way process, meaning the original password cannot be retrieved from the hash. In the video, hashing is used to transform the user's chosen sequence of images into a secure format before encryption.

💡Cloud Storage

Cloud storage refers to the practice of storing data on remote servers accessed via the internet, rather than local servers or personal devices. The script mentions storing the encrypted and hashed passwords in the cloud, which allows for secure and accessible storage that can be retrieved for authentication purposes.

💡OTP

OTP stands for One-Time Password, which is a temporary code used for two-factor authentication. It is typically sent to a user's mobile number or email and must be entered within a certain timeframe to verify their identity. The script describes using OTP as part of the password reset process, adding a layer of security to ensure that only the legitimate user can update their password.

💡Brute Force Attack

A brute force attack is a method used by hackers to crack passwords by systematically trying all possible combinations until the correct one is found. The script mentions that the use of strong encryption and hashing algorithms makes brute force and dictionary attacks almost impossible, thereby enhancing the security of the graphical password system.

Highlights

Team Parakram introduces a graphical password authentication system to address the limitations of traditional text-based passwords.

Graphical passwords are proposed as an alternative because images are easier to remember than text.

The system includes a registration process requiring user details such as name, email, and mobile number.

A color selection feature is implemented to accommodate colorblind users.

Images are filtered by user-selected colors and categorized for easier memorization.

Users can choose from multiple categories to create a sequence of images that function as their password.

The selected images are hashed using the SHA-256 algorithm and encrypted with AES-256 before storage.

A login process is described where users can authenticate with their graphical password.

The system checks for user existence and prompts for mobile number entry during login.

A grid of password images and random images is displayed for the user to select in their password sequence.

Authentication involves decrypting the stored password and verifying it against the user's selection.

Users are allowed three login attempts, after which they receive an email notification to update their password.

Two-factor authentication is used for password updates to ensure security.

A 'forgot password' feature is available, triggering an email to reset the password.

The system aims to prevent data breaches by using secure encryption and hashing algorithms.

The graphical password authentication system is designed to be user-friendly and practical for internet authentication.

The team plans to implement this system to simplify the authentication process.

The presentation concludes with a thank you note, emphasizing the team's commitment to improving authentication methods.

Transcripts

00:01 hello everyone we are team parakram we
00:03 have chosen graphical password
00:05 authentication given by aicte as our
00:08 problem statement from the domain bucket
00:10 blockchain and cyber security
00:12 a password is needed to authenticate a
00:13 user to access content on the internet
00:16 traditional text-based passwords either
00:18 tend to be too easy which makes them
00:19 easy to guess or difficult which makes
00:22 them hard to remember
00:23 we present a graphical password
00:25 authentication system that takes
00:26 advantage of the fact that images are
00:28 easier to remember than text
00:32 first the user has to register with the
00:34 system details like name email id and
00:36 mobile number are required to identify a
00:38 user
00:39 then the user has to select a color
00:41 option provided in the form of radio
00:43 buttons
00:44 this feature has been included so that
00:46 colorblind users also can use this
00:48 method with ease
00:49 after selecting the color a filter is
00:51 applied to all the images in the image
00:53 pool
00:54 these images are categorized and the
00:55 categories are displayed to the user the
00:58 user can then choose categories that
00:59 they can easily remember and select a
01:01 sequence of images that serve as the
01:03 password
01:04 we have provided the option to select
01:06 images from different categories so that
01:08 the password can be more protected
01:10 this password is hashed using the
01:12 sha256 algorithm encrypted using aes256
01:16 algorithm and then stored in the cloud
01:20 when the user wants to sign in from a
01:21 website they can click on a button to
01:23 sign in using the graphical password
01:25 they are prompted to enter the mobile
01:27 number if the user does not exist a
01:29 prompt is displayed to let the user know
01:31 and redirect to registration
01:33 otherwise based on the mobile number the
01:35 color and categories are fetched from
01:37 the database a grid is then populated
01:39 with the password images and a set of
01:41 random images from the categories the
01:43 user has chosen the user then has to
01:46 select the images in the sequence of
01:47 their password
01:48 the encrypted password is fetched from the
01:50 database and decrypted the entered
01:53 password is hashed and verified against
01:55 the decrypted password
01:56 if the password matches the user is
01:58 authenticated and redirected back to the
02:00 website
02:03 a user is allowed up to three attempts
02:05 to sign in if the attempts exceed 3 the
02:07 user is notified through email to update
02:09 their password
02:10 the user has to enter their mobile
02:12 number an otp received on the registered
02:14 mobile number or email id and can then
02:16 proceed to choose a new password
02:18 we are using two-factor authentication
02:20 to ensure that only the user can update
02:22 the password and not anybody else
02:24 there is also a forgot password feature
02:26 that the user can access during login
02:29 when this option is used an email is
02:31 sent to the user to reset their password
02:33 the next steps are the same as the
02:35 process to update the password
02:38 to prevent a data breach we use the most
02:40 secure encryption and hashing algorithms
02:43 which makes brute force and dictionary
02:45 attacks almost impossible with a
02:47 user-friendly flow we plan to implement
02:49 this graphical password authentication
02:51 system so that it can make the entire
02:53 process of authentication much easier
02:56 thank you
