⬆️ ⬇️

Graphic password does not allow the viewer to steal himself.

In this article I will tell about my thesis project on the theme “Iconographic method of user authentication. Is it possible to authenticate so that the person next to you, following your actions, cannot authenticate for you ”. In this publication I will briefly tell you the essence of the project.



image



Formulation of the problem





Remember password



image



Before authenticating, you must first select a password. The password is selected from a large set of icons and must consist of at least three different icons (hereinafter they will be called password icons). In this example, we selected 6 password icons. We now turn to the authentication itself.

')

Authentication



image



Authentication is as follows. The panel randomly houses a common set of icons, among which there will be 3 password icons from the selected password. The user should visually find three password icons, mentally connect them with lines, get a triangle and click the mouse inside this triangle.



Then all the icons are shuffled, some disappear, some new ones appear, as well as new password icons from the selected password (there can be a maximum of 3 password icons on the panel). And the user performs such a procedure several times; if he clicks inside the triangle a specified number of times, the authentication is considered to be passed. If the user at any stage of authentication misses, then authentication is considered not passed and you need to go through all the steps again.



Immediately there are several questions:



The probability of hitting a random mouse click in the password triangle



We will carry out statistical modeling and find out the probability of hitting a mouse click in the password triangle in stage 1 with different aspect ratios.



image



From this histogram, it can be seen that, the more the password panel approaches the square view, the probability of hacking becomes smaller and approximately equal to 10%. Therefore, the most preferred aspect ratio is 1: 1.



The calculations were carried out with a panel width of 5, 15 and 20 cells for icons. However, the results obtained do not practically differ from each other.



But the 10% probability of hitting the password triangle is too high. Therefore, authentication is carried out in several stages and it turns out that at the second stage of authentication, the probability of hacking is approximately equal to 10 ^ -2.



Program settings



  1. In the program, you can adjust the saturation of the panel with icons, on the one hand 100% saturation makes it difficult to find password icons, on the other hand, when saturation is less than 20%, there is a possibility that a person standing nearby can analyze and understand which icons are password-based. The optimal saturation of the panel with icons is 40-60%;
  2. For reliable protection, 5 stages of authentication of 10 ^ -5 are sufficient;
  3. The panel aspect ratio is also adjusted.


Conclusion





List of sources



The idea for writing the program was taken from here . Statistical observations were made and the probability of breaking the password triangle was determined.

Source: https://habr.com/ru/post/306736/



All Articles