Token-based Graphical Password Authentication

  • Author / Creator
    Gyorffy, John
  • Given that phishing is an ever increasing problem, a better authentication system than the current alphanumeric system is needed. Because of the large number of current authentication systems that use alphanumeric passwords, a new solution should be compatible with these systems. We propose a system that uses a graphical password deployed from a Trojan and virus resistant embedded device as a possible solution. The graphical password would require the user to choose a family photo sized to 441x331 pixels. Using this image, a novel, image hash provides an input into a cryptosystem on the embedded device that subsequently returns an encryption key or text password. The graphical password requires the user to click five to eight points on the image. From these click-points, the embedded device stretches the graphical password input to a 32- character, random, unique alphanumeric password or a 256-bit AES key. Each embedded device and image are unique components in the graphical password system. Additionally, one graphical password can generate many 32-character unique, alphanumeric passwords using its embedded device which eliminates the need for the user to memorize many passwords.

  • Subjects / Keywords
  • Graduation date
    Fall 2009
  • Type of Item
  • Degree
    Master of Science
  • DOI
  • License
    This thesis is made available by the University of Alberta Libraries with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.