Abstract

In 1996, Blonder introduced the first authentication system based on a graphical password. Since then, researchers have proposed several systems in the literature enhancing security properties to prevent brute-force, guessing, and shoulder-surfing attacks. However, many systems were developed using impersonal images, hindering their identification and retention. As a solution, Takada-Toike, and Herzberg-Margulies introduced systems using personal images in 2002 and 2012, respectively. Nonetheless, users require passing many stages during the authentication phase, making the systems unsecured. As a solution, we propose a system where each user creates a graphical personal password and needs to pass a stage. Security analysis demonstrates that the proposal can resist very well-known attacks, making it secure and useful for web services.