Hackers of India

Inception of graphical passwords

By  Rishi Narang  on 01 Mar 2013 @ Nullcon

Presentation Material

Abstract

The paper describes a way to give the end users an authentication which is easy to remember yet meet the complexity criteria that is must for any authentication. In a general scenario, it is not easy to remember an alphanumeric password of 15 characters. But, with this in hand you can easily remember a password of complexities up to 100 characters or even more and will not forget that. Think the ease it provides on your memory, and yet meet all the complexity standards. The randomization of password at every authentication screen makes sure that you are never sniffed out in a session. The password works with a graphical authentication and has infinite possibilities of choosing it. The canvas provides ‘easy to remember’ confidence, and as decoded in the background the actual long alpha-numeric string provides you the complexity you need for your password.

AI Generated Summarymay contain errors

Here is a summarized version of the content:

The speaker is discussing an alternative password system that uses a graphical approach. Instead of typing a long password, users can click on a series of dots or squares to generate a complex and secure password. The system allows for alpha-numeric strings with symbols, making it difficult for hackers to use brute force attacks.

The speaker demonstrates the system by clicking on three dots, generating a unique password each time. They explain that even if an attacker tries to guess the password, they would have to make millions of attempts to crack it.

The system can be used as an optional or two-factor authentication method, allowing users to choose between typing a text password and using the graphical approach. The speaker mentions that banks often use a similar approach, sending a code to a user’s mobile phone or asking them to choose from a set of pictures after entering their alpha-numeric password.

The speaker also hints at writing a future paper on how to hack graphical passwords, but notes that it would require understanding the grid and drawing concept behind the system.