Abstract: Graphical password authentication has gained acceptance, and its usage has increased significantly. Text-based passwords are common across all domains, which creates a dilemma: if a user selects a password that is easy to remember, an attacker has an opportunity to guess it easily; if the user selects a password that an attacker cannot guess, it becomes hard for the user to remember. Graphical password schemes are therefore used, since humans remember images more easily than letters or numbers. The focus here is to replace the static images used in graphical password systems with tokens. Usually the server stores the images and displays them to the user at login, but this gives an attacker the option of learning the password through hacking techniques. Here, the user is responsible for supplying the image that he wants to use as a password, and that image is not stored on the server at all. The user provides his own selected image and then chooses five locations in it. This is converted to a value, which is then stored on the server. In this way an attacker is restricted to some extent, as he would never know which image the user uploaded during registration and would not possess it, since it is the user's personal image. Even if an attacker somehow learns what is stored on the server by means of some attack, he obtains only the converted value, not the full data. Usability, reliability, and security against observation are provided. The study shows that a threshold is set, and the entered password is considered equivalent only when its items match the originals. This approach increases resistance to observation attacks.

Keywords: Graphical password, Security, Shoulder surfing, Authentication.
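
One possible realization of the scheme summarized in the abstract, given here as an added example and not the authors' implementation: the server keeps only a salted token derived from the user's image and five click locations, and clicks within a threshold still match. The abstract does not specify the conversion, so the centered-discretization cell mapping, PBKDF2, the 10-pixel tolerance, the ordered clicks and all names below are assumptions.

```python
import hashlib
import hmac
import os

TOLERANCE = 10        # assumed match threshold, in pixels per axis
ITERATIONS = 100_000  # assumed PBKDF2 work factor

def _cells(points, offsets):
    """Map each coordinate to the index of a 2*TOLERANCE-wide cell shifted by its offset."""
    return [((x - dx) // (2 * TOLERANCE), (y - dy) // (2 * TOLERANCE))
            for (x, y), (dx, dy) in zip(points, offsets)]

def _derive(image_bytes, cells, salt):
    """Bind the image digest and the ordered cell indices into one stored value."""
    secret = hashlib.sha256(image_bytes).digest() + repr(cells).encode()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def register(image_bytes, points):
    """Return the server-side record: salt, offsets and token, never the image."""
    if len(points) != 5:
        raise ValueError("the scheme uses exactly five locations")
    # Offsets centre each chosen point inside its cell, so the tolerance is symmetric.
    offsets = [((x - TOLERANCE) % (2 * TOLERANCE), (y - TOLERANCE) % (2 * TOLERANCE))
               for x, y in points]
    salt = os.urandom(16)
    token = _derive(image_bytes, _cells(points, offsets), salt)
    return {"salt": salt, "offsets": offsets, "token": token}

def verify(record, image_bytes, points):
    """Recompute the token from the presented image and clicks; compare in constant time."""
    if len(points) != len(record["offsets"]):
        return False
    token = _derive(image_bytes, _cells(points, record["offsets"]), record["salt"])
    return hmac.compare_digest(token, record["token"])

# Constructed sample data: stand-in image bytes and five click points.
IMAGE = b"constructed-image-bytes-for-demo"
CLICKS = [(40, 52), (120, 75), (200, 310), (333, 18), (5, 260)]

if __name__ == "__main__":
    rec = register(IMAGE, CLICKS)
    near = [(x + 9, y - 10) for x, y in CLICKS]  # every click inside the threshold
    print(verify(rec, IMAGE, near))
```

Because the stored token is an exact hash, the threshold is enforced by the cell mapping at login rather than by comparing distances against stored coordinates.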