Project Topics

Engineering Projects

Authentication Schemes for Session Passwords using Color and Images

Published on Sep 16, 2019


Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.


The most common method used for authentication is textual password. The vulnerabilities of this method like eves dropping, dictionary attack, social engineering and shoulder surfing are well known. Random and lengthy passwords can make the system secure. Studies have shown that users tend to pick short passwords or passwords that are easy to remember. These passwords can be easily guessed or cracked. The alternative techniques are graphical passwords and biometrics. But these two techniques have their own disadvantages. Biometrics, such as finger prints, iris scan or facial recognition have been introduced but not yet widely adopted.


· Very difficult to remembering the passwords.

· The major drawback of this approach is that such systems can be expensive and the identification process can be slow.


Personal Digital Assistants are being used by the people to store their personal and confidential information like passwords and PIN numbers. Authentication should be provided for the usage of these devices. Two new authentication schemes are proposed for PDAs. These schemes authenticate the user by session passwords. Session passwords are passwords that are used only once. Once the session is terminated, the session password is no longer useful. For every login process, users input different passwords. The session passwords provide better security against dictionary and brute force attacks as password changes for every session. The proposed authentication schemes use text and colors for generating session passwords.


· Having High tolerance levels

· Security is high


 Registration Phase

 User identify the images during Registration phase

 Login Phase

 Interface grid

 Intersection letter for the pair

 Rating the colors

 Login Interface

 Verification Phase


Registration Phase

In this Module, user enters his password. Minimum length of the password is 8 and it can be called as secret pass. The secret pass should contain even number of characters.

User identify the images during Registration phase

The user selects a certain number of images from a set of random pictures during registration the user has to identify the pre selected images for authentication from a set of images.

Login Phase

In this Module, the user has to enter the password based on the interface displayed on the screen. The user chooses four images of human faces as their password and the users have to select their pass image from eight other decoy images.

Interface grid

Session passwords are generated based on this secret pass. The user enters his username an interface consisting of a grid is displayed. The grid is of size 6 x 6 and it consists of alphabets and numbers. These are randomly placed on the grid and the interface changes every time.

Intersection letter for the pair

User has to enter the password depending upon the secret pass. User has to consider his secret pass in terms of pairs. The session password consists of alphabets and digits. The first letter in the pair is used to select the row and the second letter is used to select the column. The intersection letter is part of the session password. This is repeated for all pairs of secret pass.

Rating the colors

The User should rate colors from 1 to 8. Same rating can be given to different colors. The user enters his username an interface is displayed based on the colors selected by the user.

Login Interface

The login interface having the color grid and number grid of 8 x 8 having numbers 1 to 8 randomly placed in the grid. Depending on the ratings given to colors, we get the session password.

Verification Phase

The system verifies the password entered by comparing with content of the password generated during registration. The authentication techniques should be verified extensively for usability and effectiveness.



CPU type : Pentium IV 2.4 GHz.

Clock speed : 3.0 GHz

Ram size : 512 MB

Hard disk capacity : 40 GB

Monitor type : 15 Inch color monitor

Keyboard type : internet keyboard



 Operating system : Windows XP.

 Coding Language : Java 1.6

 Tool Kit : Android 2.2

 IDE : Eclipse

Related Projects