The Design And Implementation Of A Novel Graphical Password Scheme Of Area-Selected

With the improvement of information security requirements, authentication systemhas infiltrated every corner of the current information society. The alphanumericpassword scheme is one of the most popular authentication methods. However, manyinherent defects in alphanumeric password make it so difficult to meet both usabilityand security requirements at the same time. To overcome these disadvantages ofalphanumeric password, the new graphical password came into being. The existinggraphical passwords can be divided into three categories. Although different types ofgraphical passwords have their own advantages, there are also inevitable drawbacks oftheir own. For example, the area-selected graphical password has an advantage inpassword space and operation, but it is vulnerable to shoulder surfing attack. Therefore,combining different types of graphical password to avoid weaknesses has become a newtrend of graphical passwords.We propose a new area-selected graphical password scheme in this paper, namedCBFG (Click Buttons according to Figures in Grids). Inheriting the way of settingpassword in traditional area-selected graphical password schemes, this scheme is alsoadded the ideology of image identification. We introduce the design of multiplebackground images each of which is divided into grid areas as users’ password areas’option in CBFG, making users incline to set their password more complex. Theauthentication operation is not directly aimed at password areas, which provides aresistance to shoulder surfing attack to area-selected graphical password for the firsttime. Including password start-icon in users’ password and generating randomtail-number in the authentication, users’ information are protected effectively in theauthentication process, which make the graphical passwords against shoulder surfingfirst truly have the performance of preventing intersection analysis attack. We not onlyintroduce the design ideas and basic principles of CBFG in detail, but also specificallyexpound the program implementation of the scheme. In addition, we conduct a series ofexperiment and discuss all aspects of the performance. As can be concluded from theanalysis, CBFG has better performance in availability, especially in terms of security.