graphical password

A graphical password is easier than a text-based password for most people to remember. Suppose an 8-character password is necessary to gain entry into a particular computer network. Instead of w8KiJ72c, for example, a user might select images of the earth (from among a screen full of real and fictitious planets), the country of France (from a map of the world), the city of Nice (from a map of France), a white stucco house with arched doorways and red tiles on the roof, a green plastic cooler with a white lid, a package of Gouda cheese, a bottle of grape juice, and a pink paper cup with little green stars around its upper edge and three red bands around the middle.

Graphical passwords may offer better security than text-based passwords because many people, in an attempt to memorize text-based passwords, use plain words (rather than the recommended jumble of characters). A dictionary search can often hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selectable images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random. If there are 100 images on each of the 8 pages in an 8-image password, there are 100⁸, or 10 quadrillion (10,000,000,000,000,000), possible combinations that could form the graphical password! If the system has a built-in delay of only 0.1 second following the selection of each image until the presentation of the next page, it would take (on average) millions of years to break into the system by hitting it with random image sequences.

Read more about graphical password: - David Bensinger, Ph.D. has written a white paper entitled "Human Memory and the Graphical Password." - "The Design and Analysis of Graphical Passwords" by Ian Jermyn and others provides a technical presentation. - SearchSecurity.com has a story called "Graphical passwords still far from picture perfect."

Do you have something to add to this definition? Let us know. Send your comments to [email protected]

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT How to prevent SSH brute force attacks Brute force attacks on the Secure Shell (SSH) service have been used more frequently to compromise accounts and passwords. Expert John Strand explains... How to secure services that allow end-users to retrieve forgotten passwords If you're running any type of service that allows end-users to retrieve forgotten passwords, network security expert Mike Chapple has some tips on how... Identity and access management 2009: Staff cuts, insider threats Identity and access management in 2009 will be drastically different from 2008, most notably because staff reductions may result in a new crop of...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary identity chaos  (SearchSecurity.com) logon  (SearchSecurity.com)