Graphical User Authentication
Project Report
On
BACHELOR OF TECHNOLOGY
IN
CERTIFICATE
Major Project-1.
ACKNOWLEDGEMENT
CONTENT PAGE
1. ABSTRACT
2. INTRODUCTION
2.1 PURPOSE
2.2 OBJECTIVE
2.3 SCOPE
3. HARDWARE AND SOFTWARE REQUIREMENT (Specifications)
4. CODE
5. BIBLIOGRAPHY(References)
6. CONCLUSION
Introduction
In the dynamic landscape of the digital age, the security of online platforms and the
protection of user data have become paramount concerns. As the frequency and
sophistication of cyber threats continue to escalate, traditional methods of user
authentication, such as alphanumeric passwords, are increasingly vulnerable to
breaches. To address this vulnerability, there is a growing demand for innovative and
secure authentication mechanisms. One such avenue of exploration is the integration of
graphical elements into the authentication process, ushering in a new era of security
and user experience for websites.
The primary objective of graphical user authentication is to enhance the security posture
of websites while simultaneously improving the user experience. By tapping into the
human ability to recognize and recall visual patterns, this approach aims to create
authentication mechanisms that are both robust and user-friendly. The incorporation of
graphical elements in the authentication process not only adds an extra layer of security
but also addresses the human factor in security – a critical consideration given that user
behavior significantly influences the effectiveness of any security system.
This exploration is particularly timely in the context of the evolving cyber threat
landscape. High-profile data breaches and the compromise of sensitive information
underscore the urgency for adopting innovative security measures. Graphical user
authentication offers a departure from the status quo, challenging the notion that
security measures must be arduous for end-users. Instead, it proposes a paradigm
where security is not only robust but also seamlessly integrated into the user's digital
experience.
As we delve into the realm of graphical user authentication for websites, it is essential to
consider the diverse range of graphical elements that can be employed. From image-
based authentication to pattern recognition, the possibilities are vast, providing an
opportunity for customization based on the specific requirements of a website and the
preferences of its user base. Moreover, the integration of graphical authentication aligns
with the broader trend of human-centric design, where technology adapts to human
behavior, making the digital experience more intuitive and secure.
This exploration into graphical user authentication is not merely a theoretical endeavor
but a practical response to the evolving demands of the digital landscape. As we
navigate this landscape, it becomes evident that a multifaceted approach to security,
combining technological innovation with user-centric design, is crucial. The subsequent
sections of this documentation will delve into the intricate details of implementing
graphical user authentication for websites, examining the technological foundations,
design considerations, and the potential impact on user security and experience.
Through this exploration, we aim to contribute to the ongoing dialogue on advancing the
security landscape of the digital realm.
Purpose –
In the realm of cybersecurity, the traditional paradigm of password-based
authentication is facing escalating challenges. The ubiquity of alphanumeric passwords
has led to a proliferation of security breaches, with users grappling with issues like weak
password choices, password reuse across multiple platforms, and vulnerability to
increasingly sophisticated cyber threats. The purpose of the project titled "Graphical
User Authentication for Websites" is to revolutionize the conventional methods of user
authentication by introducing an innovative, visually-oriented approach that not only
bolsters security but also enhances the user experience.
The primary impetus behind this project is to counteract the limitations and
vulnerabilities inherent in alphanumeric password systems. Graphical User
Authentication (GUA) recognizes that humans possess an innate inclination towards
visual memory and recognition. Leveraging this aspect of human cognition, the project
seeks to replace or augment traditional passwords with graphical elements such as
images, patterns, or symbols. This shift in authentication methodology is underpinned
by the purpose of creating a more intuitive, memorable, and inherently secure user
authentication process.
A pivotal aspect of the project's purpose is to foster a human-centric approach to
cybersecurity. By acknowledging the cognitive strengths of users, GUA aims to create
an authentication experience that is not only more secure but also aligns with the
natural inclinations of human memory and perception. The purpose extends beyond
technological innovation to address the psychological and behavioral aspects of user
interaction with authentication systems.
The scope of the project is vast, encompassing the design, implementation, and
evaluation of a Graphical User Authentication system tailored explicitly for websites.
The purpose includes ensuring the adaptability and compatibility of the system with
diverse web-based platforms, ranging from personal blogs to enterprise-level
applications. Moreover, the project's purpose extends to examining the scalability of the
solution, anticipating its efficacy across various scales and types of websites.
As technology evolves, so does the scope of GUA. The purpose embraces the
exploration of potential integrations with emerging technologies such as mobile
applications and the Internet of Things (IoT). This forward-looking approach ensures
that the project remains relevant and adaptive to the future landscape of digital security.
In summary, the purpose of the "Graphical User Authentication for Websites" project is
to usher in a new era of cybersecurity by redefining user authentication through
innovative graphical elements. By addressing the shortcomings of traditional password
systems, the project aims to enhance security, usability, and user satisfaction in the
digital realm.
Scope -
The scope of the "Graphical User Authentication for Website" project is comprehensive,
encompassing multiple dimensions to ensure its relevance, effectiveness, and
adaptability in the dynamic realm of web security. The project's scope extends across
design, implementation, evaluation, and potential integration into emerging
technologies, with a keen focus on addressing the shortcomings of traditional
authentication methods.
1. Design and Implementation: The project's core scope involves the meticulous
design and implementation of a robust Graphical User Authentication (GUA)
system tailored explicitly for websites. This includes the creation of a diverse set
of graphical elements, symbols, or patterns that users can employ to authenticate
their identity. The design will prioritize user-centric principles to ensure that the
authentication process is not only secure but also user-friendly and memorable.
2. Usability across Web Platforms: Recognizing the diversity of web platforms,
from personal blogs to enterprise-level applications, the project's scope extends
to ensuring the compatibility and seamless integration of GUA into various web-
based systems. This adaptability is crucial to accommodate the different scales,
purposes, and technical architectures of websites.
3. Scalability: The solution's scalability is a critical aspect of the project's scope,
aiming to provide a flexible authentication method that can be implemented
across a wide range of websites. Whether a small-scale personal blog or a large-
scale enterprise application, the GUA system should scale effectively without
compromising its security or usability.
4. Security Enhancement: The primary objective of the project is to enhance the
security landscape of website authentication. The scope includes addressing
vulnerabilities associated with traditional password systems, providing a more
secure alternative that mitigates risks such as password reuse, brute force
attacks, and phishing.
5. Integration with Emerging Technologies: To ensure the project's longevity and
relevance, the scope extends to exploring potential integrations with emerging
technologies. This includes investigating how GUA can be seamlessly integrated
into mobile applications and Internet of Things (IoT) devices. This forward-
looking approach aligns the project with the ongoing evolution of digital
technologies.
In conclusion, the scope of the "Graphical User Authentication for Website" project is
multifaceted, covering design, implementation, compatibility, scalability, security
enhancement, integration with emerging technologies, and continuous improvement
through user feedback. This comprehensive scope positions the project as a holistic
solution to the contemporary challenges of website authentication, with a vision for
future adaptability and innovation.
Features –
1. Innovative Authentication Mechanism: The project introduces a paradigm shift in
user authentication by adopting a novel graphical approach. Departing from
traditional alphanumeric passwords, this innovative mechanism employs visual
elements to create a more intuitive and secure authentication process. Users will
interact with graphical patterns, symbols, or images, enhancing both the
memorability and effectiveness of the authentication experience.
integrates with users' cognitive processes, promoting a positive and memorable
user experience.
Software Requirement –
HTML
JavaScript
CSS
Web Browser
A built-in website
Hardware Requirement -
USER QUESTIONNAIRE
GRAPHICAL PASSWORD: Graphical passwords use pictures (or drawings) as passwords.
In theory, graphical passwords are easier to remember, since humans remember pictures
better than words. They should also be more resistant to brute-force attacks, because
the search space is practically infinite. In general, graphical password techniques are
classified into two main categories.
ADVANTAGES:
• The system is user-friendly and has an easy interface.
• It provides strong security against bot attacks or hackers.
• Protects systems exposed to attacks.
• Graphical password systems provide a way of making more human-friendly passwords.
• In this system, the security of the system is very high.
• Dictionary attacks and brute-force searches are infeasible.
DISADVANTAGES:
• The only disadvantage is that if users forget the password, it cannot be recovered,
so they can lose their security.
• Sometimes remembering the pattern is difficult.
METHODOLOGY-
In this project, when a user opens the homepage, they are offered three options:
register, login and about developer. If you have not registered yet, click the register
option.
1. The register page appears. Provide the first, text-based password and the
necessary information such as first name, last name, email, password, security
question etc.
2. After clicking next, the second page, the colour-based graphical password page,
appears. Select the colours of the password in sequence, and remember that
sequence of colours.
3. After clicking next, the image-based password page appears. Select multiple
images as the password and save it.
4. Go back to the home page and click login. Provide the username and the correct
password. If the text-based username and password are correct, you have passed
the text-based password stage.
5. The colour-based password page then appears, where you enter the colour-based
password. If it is correct, you have passed the colour-based password stage.
6. The image-based password page then appears, where you select the images of
your password. If it is correct, you have passed the image-based password stage.
7. The main page then opens.
Comparison Of Password Technologies-
Application
We use digital devices every day, and we come across an authentication process every
time. A graphical password is a user-friendly authentication system, so we aim to use it
everywhere: in web development, at desktop level and at any other application level.
Some applications that presently use graphical password authentication systems:
• Web application.
• Mobile system.
• File lock system.
• Desktop security level.
Security Analysis
The graphical password system offers strong security against brute-force and guessing
attacks, as it has two levels of graphical passwords. The password is difficult for a
person to guess, and the system is resistant to shoulder surfing. It has a very large
password range. For this project we used 3 levels of security authentication. The
attacks considered are the following:
1. Brute Force Attack: Brute force is a digital attack where the attacker tries to
guess the correct password. To defend against brute-force attacks, the system
should have a large number of password combinations, which is very difficult for
a human to remember. Instead of a long text password, we create a graphical
password interface. It is very difficult to guess the correct password.
2. Spyware: Spyware is another possible attack mechanism for graphical
passwords. There are several types of spyware, including keyloggers, hijackers
and spy bots. Spyware collects information entered by the user. With graphical
passwords, it is more difficult to conduct spyware-based attacks because it is
harder to copy mouse motions exactly. Combinations of pass images and
CAPTCHA may be especially resistant to spyware.
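Whether the password range is large can be checked by counting. The added example below (not the project's code) counts ordered colour and image sequences under assumed pool sizes and lengths, and shows how confirming each stage separately, as the login flow does, changes the worst-case number of guesses compared with a single verdict after all stages.

```javascript
// Added example: counts possible secrets for ordered colour/image sequences.
// Pool sizes and sequence lengths are assumptions, not values from the report.

// Number of ordered sequences of `length` picks from `poolSize` items.
function sequenceCount(poolSize, length, allowRepeat) {
  let count = 1;
  for (let i = 0; i < length; i++) {
    const choices = allowRepeat ? poolSize : poolSize - i;
    if (choices <= 0) return 0; // more distinct picks than items exist
    count *= choices;
  }
  return count;
}

// Worst-case guesses over several stages. With per-stage feedback each stage
// can be searched on its own (sum); with one final verdict the stages
// multiply (product).
function worstCaseGuesses(stageSizes, perStageFeedback) {
  return perStageFeedback
    ? stageSizes.reduce((a, b) => a + b, 0)
    : stageSizes.reduce((a, b) => a * b, 1);
}

// Chance that a uniformly chosen secret is hit within `attempts` tries.
function successWithinLockout(space, attempts) {
  return Math.min(1, attempts / space);
}

// Assumed: 8 colours, 4 picks, repeats allowed; 16 images, 4 picks, no repeats.
const colourSpace = sequenceCount(8, 4, true);
const imageSpace = sequenceCount(16, 4, false);

function report() {
  const stages = [colourSpace, imageSpace];
  return {
    colourBits: Math.log2(colourSpace),
    imageBits: Math.log2(imageSpace),
    stagedBits: Math.log2(worstCaseGuesses(stages, true)),
    jointBits: Math.log2(worstCaseGuesses(stages, false)),
    hitIn5Tries: successWithinLockout(colourSpace, 5),
  };
}

console.log(report());
```

Under these assumptions the two graphical stages give about 15.5 bits when each stage confirms success on its own, against about 27.4 bits when one verdict is returned after both, so deferring the verdict and limiting attempts matter as much as the size of the picture set.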
Working –
Our website is suitable for real-time websites that run in a real-time environment on a
real-time operating system. When the website starts, it first asks for authentication. If
your account details are saved in the session data, you can log in directly using your
email id and password. Remember that here your password is the series of photos, in
the order you selected while creating the account.
If you have not signed up before, click sign up, where you create an account by giving
your mail id and choosing the password by selecting a series of images in an order.
Your data is then stored in the session data in an encrypted format. Note that all the
data is lost once you close the window. Now you can go to sign in and do the same:
enter your mail id and then select the same series of images, in the same order, as you
selected while signing up. The series of images corresponds to a code, which is
matched directly against the password present in the session data. If the password
does not match, an error dialog box is shown together with the forgot password option,
where you can change the password.
After selecting the right password, you are redirected to the desired website.
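The section above says the ordered image selection becomes a code that is stored in a protected form and matched at sign-in. One way to do that, as an added example that is not the project's code: it assumes a Node.js server side, and the function names and image ids are hypothetical. Only a random salt and a scrypt hash of the ordered selection are kept, and the comparison runs in constant time.

```javascript
const nodeCrypto = require('node:crypto');

// Canonical, unambiguous encoding of the ordered selection.
// JSON keeps ["1","23"] distinct from ["12","3"], which plain joining would not.
function encodeSequence(imageIds) {
  if (!Array.isArray(imageIds) || imageIds.length === 0) {
    throw new TypeError('expected a non-empty array of image ids');
  }
  return JSON.stringify(imageIds.map(String));
}

// Sign-up: store only a random salt and the scrypt output, never the sequence.
function enroll(imageIds) {
  const salt = nodeCrypto.randomBytes(16);
  const hash = nodeCrypto.scryptSync(encodeSequence(imageIds), salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Sign-in: recompute with the stored salt and compare in constant time.
function verify(record, imageIds) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.hash, 'hex');
  const actual = nodeCrypto.scryptSync(encodeSequence(imageIds), salt, 32);
  return nodeCrypto.timingSafeEqual(actual, expected);
}

// Constructed sample: hypothetical image ids chosen at sign-up.
const record = enroll(['cat', 'bridge', 'lamp', 'kite']);
console.log(verify(record, ['cat', 'bridge', 'lamp', 'kite'])); // same order
console.log(verify(record, ['bridge', 'cat', 'lamp', 'kite'])); // same images, other order
```

Because a short image sequence has far fewer possibilities than a long text password, the stored record still needs to stay on the server behind an attempt limit; the slow hash only raises the cost of each guess.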
Future Scope
CONCLUSION:
User authentication is a major component in most computer security
contexts. In this extended abstract, we introduced a simple graphical
password authentication system. The system combines graphical and text-
based passwords, trying to achieve the best of both worlds. It also provides
multi-factor authentication in a friendly, natural system. We described the
system operation with some examples and highlighted the major features
of the system.