Last updated: May 29, 2019

Recognition-based scheme

A recognition-based scheme focuses on identifying, among decoys, the visual objects belonging to a password portfolio.

PassFaces [14] is one such scheme, in which the user selects a portfolio of faces from a database while creating a password. During authentication, the user is asked to select a face belonging to his/her portfolio from a panel of faces. This is repeated for several rounds, each round with a different panel. To log in successfully, the user must select the correct face in each round. The images are the same across logins, but their locations are changed. Story [20] is another scheme that is like PassFaces, except that the images a user selects while creating the password are ordered and the user must provide them in the correct order. Another scheme, Déjà Vu [21], is also similar, but instead of a portfolio, the computer generates “random-art” images.

In another scheme [22], the user provides a path through a panel of images as follows: starting from the top-left image, move down if the image is in the user's portfolio, or right otherwise. This process repeats with a different panel each time. A login succeeds if the cumulative probability that the correct answers were not entered by chance exceeds a threshold within a given number of rounds.

A recall-based scheme asks the user to regenerate the same interaction result without cueing. The first recall-based scheme proposed was Draw-A-Secret (DAS) [15], which asks the user to draw a password on a 2D grid (see figure 2). The system analyses the grid cells and the drawing path of the user-drawn password. Pass-Go [16] is an improved version of DAS that analyses grid intersection points instead of grid cells. BDAS [31] is another improved version that adds background images to DAS, which helps users create more complex passwords.

In the cued-recall scheme, the system provides an external cue that helps the user memorize and enter a password.
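The DAS and Pass-Go encodings described above, sketched as an added example (not code from either scheme's authors). The unit-cell grid, the `PEN_UP` marker, the 0.4-cell snap radius and the salted PBKDF2 storage are assumptions of this sketch, and the drawings are constructed sample data.

```python
import hashlib, hmac, os

PEN_UP = ("up",)  # assumed marker closing each stroke

def das_encode(strokes, cell=1.0):
    """DAS: ordered grid cells the pen enters, one PEN_UP per stroke.
    Assumes pen samples are dense enough that no crossed cell is skipped."""
    seq = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            c = (int(x // cell), int(y // cell))
            if c != last:  # record a cell only when the pen enters it
                seq.append(c)
                last = c
        seq.append(PEN_UP)
    return seq

def passgo_encode(strokes, cell=1.0, radius=0.4):
    """Pass-Go: ordered grid intersections the pen passes close to."""
    seq = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            ix, iy = round(x / cell), round(y / cell)
            near = max(abs(x - ix * cell), abs(y - iy * cell)) <= radius * cell
            if near and (ix, iy) != last:  # samples between intersections are ignored
                seq.append((ix, iy))
                last = (ix, iy)
        seq.append(PEN_UP)
    return seq

def enroll(strokes, encoder, salt=None):
    """Keep only a salted, slow hash of the encoded drawing (assumed storage)."""
    salt = salt or os.urandom(16)
    encoded = repr(encoder(strokes)).encode()
    return salt, hashlib.pbkdf2_hmac("sha256", encoded, salt, 100_000)

def verify(record, strokes, encoder):
    """Re-encode the attempt and compare digests in constant time."""
    salt, digest = record
    return hmac.compare_digest(enroll(strokes, encoder, salt)[1], digest)

# Constructed sample drawings: pen coordinates on a 5x5 grid of unit cells.
ENROLLED = [[(0.5, 0.5), (1.4, 0.6), (2.5, 0.5), (2.6, 1.5)]]
REDRAWN = [[(0.3, 0.4), (0.8, 0.5), (1.6, 0.4), (2.4, 0.7), (2.5, 1.3)]]
OTHER = [[(0.5, 0.5), (0.5, 1.5)]]
ON_LINES = [[(1.0, 1.1), (1.9, 1.0), (3.1, 0.9)]]
```

A redraw is accepted only when it yields exactly the same sequence, so a wobbly but equivalent stroke such as `REDRAWN` verifies against `ENROLLED`, while `OTHER` does not.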

PassPoints [17] is one cued-recall scheme, also known as a click-based cued-recall scheme, in which a password is created by clicking a sequence of points anywhere on an image and, during authentication, the user repeats the same sequence. Cued Click Points (CCP) [23] is like PassPoints, but instead of making all clicks on one image, each click is made on a different image, and the next image is selected by a deterministic function. Persuasive Cued Click Points (PCCP) [26] is an improved version of CCP in which the password is generated by selecting a point inside a randomly positioned viewport, resulting in more randomly distributed click-points in a password. Of the three types above, recognition-based schemes are the easiest for users to memorize, whereas pure recall is the hardest [2]. Guessing attacks are easily carried out against recognition-based schemes.

Recognition-based schemes have a password space in the range of 2^13 to 2^16. DAS and Pass-Go [16] were also broken by guessing attacks using dictionaries of 2^31 to 2^41 entries, against a full password space of 2^58 entries; similarly, for PassPoints the dictionaries are 2^26 to 2^35 entries against a full password space of 2^43.


