Influencing Graphical Based Password: Process of Knowledge-Based Authentication Mechanism
MSRDG International Journal of Computer Scientific Technology & Electronics Engineering
© 2025 by MSRDG IJCSTEE Journal Volume 1 Issue 6
Year of Publication: 2025
Article ID: MSRDG-IJCSTEE-V1I6P104
Abstract: Authentication remains one of the most critical frontiers in contemporary information security. Conventional text-based and PIN-based credentials exhibit well-documented weaknesses against shoulder surfing, brute-force enumeration, dictionary attacks, and phishing. This paper presents a structured investigation into Graphical-Based Password Authentication (GBPA) as a robust, memory-compatible alternative grounded in knowledge-based authentication (KBA) principles. The proposed mechanism draws on the advantage of human pictorial memory over alphanumeric recall: users are presented with a randomised grid of thematically neutral images, and an ordered selection of images from that grid constitutes the credential. A formal system architecture is designed, implemented on a prototype web-based platform, and evaluated over 200 user sessions with 50 participants. Experimental results show an authentication accuracy of 97.4%, a brute-force resistance rate of 96.1%, an area under the receiver operating characteristic curve (AUC) of 0.982, and a usability score of 8.7/10 on the System Usability Scale (SUS). Comparative analysis against conventional text passwords, PIN-based authentication, and prior graphical schemes finds the proposed approach superior on security, memorability, and session-integrity measures. The paper further discusses threat modelling, shoulder-surfing countermeasures, and adaptive challenge regeneration strategies, and contributes a deployable solution for web and mobile authentication contexts.
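The abstract describes the mechanism only at a high level: a randomised image grid and an ordered selection sequence that serves as the credential. The Python below is an added illustration, not code from the paper or its prototype, of one way such a scheme can be modelled on the server side. Its assumptions are not taken from the paper: a pool of 16 images with stable internal identifiers, a credential of 5 distinct images chosen in order, a grid whose layout is shuffled for every challenge so that the cells a user taps differ between sessions while the underlying image sequence does not, and a stored credential that is a salted, slow hash of that sequence rather than the sequence itself. It also computes the ordered-selection keyspace so the scheme can be compared against a numeric PIN.

```python
"""Grid-based graphical password model (added example; assumptions noted inline)."""
import hashlib
import hmac
import math
import os
import secrets

GRID_SIZE = 16           # assumed: a 4x4 grid of images
SEQUENCE_LENGTH = 5      # assumed: the user picks 5 images in order
PBKDF2_ITERATIONS = 200_000   # tune upward in production

# Constructed image pool: stable identifiers that never leave the server.
IMAGE_POOL = [f"img-{i:02d}" for i in range(GRID_SIZE)]


def keyspace(n: int, k: int) -> int:
    """Number of ordered selections of k distinct images from n: n!/(n-k)!."""
    return math.perm(n, k)


def entropy_bits(n: int, k: int) -> float:
    """Guessing entropy of the image sequence, in bits."""
    return math.log2(keyspace(n, k))


def pin_entropy_bits(digits: int) -> float:
    """Entropy of a numeric PIN of the given length, for comparison."""
    return math.log2(10 ** digits)


def _canonical(sequence: list[str]) -> bytes:
    # A separator that cannot occur in an image ID keeps the encoding unambiguous,
    # so ["a", "bc"] and ["ab", "c"] never collide.
    return "\x1f".join(sequence).encode()


def enroll(sequence: list[str]) -> dict:
    """Validate the chosen sequence and return the record to store (salt + hash)."""
    if len(sequence) != SEQUENCE_LENGTH:
        raise ValueError("wrong sequence length")
    if len(set(sequence)) != len(sequence):
        raise ValueError("images in the sequence must be distinct")
    if any(img not in IMAGE_POOL for img in sequence):
        raise ValueError("unknown image id")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", _canonical(sequence), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}


def new_challenge() -> list[str]:
    """Fresh grid layout: index = on-screen cell, value = image ID shown there."""
    grid = IMAGE_POOL.copy()
    # Fisher-Yates shuffle driven by the secrets module, so the layout is
    # unpredictable per session and an observed tap pattern does not replay.
    for i in range(len(grid) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        grid[i], grid[j] = grid[j], grid[i]
    return grid


def verify(record: dict, grid: list[str], clicked_cells: list[int]) -> bool:
    """Map tapped cells back to image IDs via the challenge grid and compare."""
    if len(clicked_cells) != SEQUENCE_LENGTH:
        return False
    if any(not 0 <= c < len(grid) for c in clicked_cells):
        return False
    sequence = [grid[c] for c in clicked_cells]
    candidate = hashlib.pbkdf2_hmac("sha256", _canonical(sequence),
                                    record["salt"], PBKDF2_ITERATIONS)
    # Constant-time comparison of the derived hash against the stored one.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    chosen = ["img-00", "img-03", "img-07", "img-11", "img-15"]
    rec = enroll(chosen)
    grid = new_challenge()
    taps = [grid.index(img) for img in chosen]       # what the user would tap
    print("login ok:", verify(rec, grid, taps))
    print(f"sequence entropy: {entropy_bits(GRID_SIZE, SEQUENCE_LENGTH):.1f} bits "
          f"vs 4-digit PIN: {pin_entropy_bits(4):.1f} bits")
```

The server must keep the grid it issued for a session and resolve taps against that grid, never against a client-supplied layout; otherwise an attacker who controls the mapping can replay the same cell positions. Note that with these assumed parameters the ordered sequence carries about 19 bits of guessing entropy, more than a 4-digit PIN but still far below a strong text password, so rate limiting and lockout remain essential.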
|
Keywords: Graphical password; knowledge-based authentication; image-based authentication; cybersecurity; usability; brute-force resistance; session integrity
