A '''graphical password''' or '''graphical user authentication''' is a form of authentication using images rather than letters, digits, or special characters. The type of images used and the ways, in which users interact with them vary between implementations.

==Content types and mechanisms==

===Image sequence=== Graphical passwords frequently require the user to select images in a particular order or respond to images presented in a particular order.<ref name=techtarget/>

===Image-generated text=== {{seealso|CAPTCHA}} Another graphical password solution creates a one-time password using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password.<ref name=darkreading/><ref name=marketwire/>

===Facial recognition=== One system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily.<ref name=butler/>

=== Draw-a-Secret (DAS) === Draw-a-Secret is a type of graphical password that requires the user to draw a picture over a grid. The user must exactly remember the user-drawn gestures in order to be authenticated.{{Citation needed|date=August 2023}} A larger stroke count corresponds with an increase in security, since it is harder for an attacker to copy the strokes and the order in which they are performed.<ref>{{Cite journal|last1=Oorschot|first1=P. C. van|last2=Thorpe|first2=Julie|date=January 2008|title=On predictive models and user-drawn graphical passwords|url=http://dx.doi.org/10.1145/1284680.1284685|journal=ACM Transactions on Information and System Security|volume=10|issue=4|pages=1–33|doi=10.1145/1284680.1284685|s2cid=3849996 |issn=1094-9224|citeseerx=10.1.1.216.5451}}</ref>

==Weaknesses== When not used in a private setting, graphical passwords are typically more susceptible than text-based passwords to "shoulder-surfing attacks", in which an attacker learns the password by watching the screen, as a user gains access.<ref name=zakaria/> ==References==

<references>

<ref name=butler>Butler, Rick A. (2004-12-21) [http://mcpmag.com/reviews/products/article.asp?EditorialsID=486 Face in the Crowd]. mcpmag.com. Retrieved on 2012-05-20.</ref> <ref name=techtarget>[http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1001829,00.html graphical password or graphical user authentication (GUA)]. searchsecurity.techtarget.com. Retrieved on 2012-05-20.</ref> <ref name=darkreading>{{cite web |url=http://www.darkreading.com/authentication/security/client/showArticle.jhtml?articleID=228200140 |title=Images Could Change the Authentication Picture |author=Ericka Chickowski |publisher=Dark Reading |date=2010-11-03}}</ref> <ref name=marketwire>"Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites">{{cite web|url=http://www.marketwire.com/press-release/Confident-Technologies-Delivers-Image-Based-Multifactor-Authentication-Strengthen-Passwords-1342854.htm|title=Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites|date=2010-10-28|access-date=2015-07-25|archive-date=2013-05-30|archive-url=https://web.archive.org/web/20130530231425/http://www.marketwire.com/press-release/Confident-Technologies-Delivers-Image-Based-Multifactor-Authentication-Strengthen-Passwords-1342854.htm|url-status=dead}}</ref> <ref name=zakaria>{{cite web|url=http://cups.cs.cmu.edu/soups/2011/proceedings/a6_Zakaria.pdf|last1=Zakaria|first1=Nur Haryani|last2=Griffiths|first2=David|last3=Brostoff|first3=Sacha|last4=Yan|first4=Jeff|title=Shoulder Surfing Defence for Recall-based Graphical Passwords|work=Symposium On Usable Privacy and Security (SOUPS) 2011|date=20 July 2011}}</ref>

</references>

Category:Password authentication