Cheng xue Qian, Xing wei Song, Yun Huang, Xue jia Lai
In this paper, we present a novel user-friendly graphical password scheme resistant against "watching" attacks. Snapshot, remote monitoring, and shoulder-surfing have in common that all these attacks act as if one could directly watch the users' behavior on the screen, resulting in an insecure use of alphanumeric passwords ("watching" attacks). New technology based on graphical passwords uses graphs as authentication media where the user identifies, reproduces, or interacts with graphs to prove his identity, which partly blocks the danger. However, current graphical passwords such as D-A-S, PassPoints, Passfaces TM, and the algorithms D. Hong and Sobrado, etc. proposed are either too complicated or ineffective against "watching" attacks. In our proposal, the authentication process uses familiar images that only true users can recognize. It is hard to fabricate even many previous authentication processes are totally exposed. Furthermore a detailed application in OTP, which basically establishes an extra OTP input encryption, is discussed and its security analysis is presented.