As part of an assignment for CS4203 Computer Security I wrote an Analysis of Graphical Passwords.
Graphical passwords have been suggested due to the simple fact that humans can remember images better than text. Paivio’s “dual-coding theory” is the most widely accepted and it suggests that images are assigned perceived meaning whereas text is represented symbolically. This allows for passwords that are easier to recall, stronger and less vulnerable to attacks than text based passwords.
Graphical passwords are commonly assorted in three groups depending on how they are memorized and nserted: recognition, recall and cued-recall. Thus, the three graphical password techniques that we will discuss, compare and contrast in this report are PassFaces™ which is a recognition-based system, GrIDsure™; a recall-based system and PassPoints; a cued-recall system. PassFaces™ is the most comprehensively studied recognition-based system. The user pre-selects a group of human faces, then during login these faces will be presented and the user must select the ones picked up before among other random faces. It uses a system-assigned portfolio of faces that users will have to memorize during the training process.
GrIDsure™ uses a 5 x 5 grid of digits where users are required to select and memorize a pattern that should consist of an ordered subset of these 25 grid squares.
PassPoints consists of a “arbitrarily chosen sequence of points” in an image that the user has to memorize.
You can read the full article here.