A Survey: Security Vulnerabilities and Protective Strategies for Graphical Passwords

Author:

Saadi Zena Mohammad 1, Sadiq Ahmed T. 1, Akif Omar Z. 2, Farhan Alaa K. 1

Affiliation:

1. Computer Science Department, University of Technology—Iraq, Baghdad 10066, Iraq

2. Department of Computer Science, College of Education for Pure Science (Ibn al-Haitham), University of Baghdad, Baghdad 10066, Iraq

Abstract

As technology advances and develops, the need for strong and simple authentication mechanisms that can help protect data intensifies. A contemporary approach to access control is the graphical password, composed of images, patterns, or other graphical items. The objective of this review was to determine the documented security risks related to the use of graphical passwords, together with the measures that have been taken to prevent them. The review was intended to present an extensive survey of the literature on graphical password protection and to point toward potential future research directions. Graphical password schemes, which are among the most widely used, can be readily exploited by many attacks, such as shoulder surfing attacks, SQL injection attacks, and spyware attacks. To counter these security threats, several measures have been suggested, but none of the attacks can be completely overcome, and each of the proposed measures has its pros and cons. This study begins by elucidating some of the graphical password schemes studied between 2012 and 2023, delving into the potential threats and defense mechanisms associated with these schemes. Following a thorough identification and selection process, five of the reviewed papers explain the threat of shoulder surfing and spyware attacks on graphical password schemes, while two explain the threat of brute force attacks. One paper focuses on dictionary attacks, while four other papers address social engineering, SQL injection attacks, and guessing attacks as potential threats to graphical password schemes. In addition, the papers recognize other forms of attacks, such as video recording attacks, filtering attacks, reverse engineering attacks, multiple observation attacks, key/mouse logger attacks, insider attacks, computer vision attacks, image gallery attacks, sonar attacks, replay attacks, data interception attacks, and histogram manipulation attacks. These attacks are examined in three, three, eight, one, four, one, one, one, one, one, one, and one papers, respectively. Moreover, most of the countermeasures fall into three categories: randomization, obfuscation, and password space complexity, which are the most commonly employed strategies for improving graphical password schemes.

Publisher

MDPI AG
