graphical password

A graphical password is easier than a text-based password for most people to remember. Suppose an 8-character password is necessary to gain entry into a particular computer network. Instead of w8KiJ72c, for example, a user might select images of the earth (from among a screen full of real and fictitious planets), the country of France (from a map of the world), the city of Nice (from a map of France), a white stucco house with arched doorways and red tiles on the roof, a green plastic cooler with a white lid, a package of Gouda cheese, a bottle of grape juice, and a pink paper cup with little green stars around its upper edge and three red bands around the middle.

Graphical passwords may offer better security than text-based passwords because many people, in an attempt to memorize text-based passwords, use plain words (rather than the recommended jumble of characters). A dictionary search can often hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selectable images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random. If there are 100 images on each of the 8 pages in an 8-image password, there are 100⁸, or 10 quadrillion (10,000,000,000,000,000), possible combinations that could form the graphical password! If the system has a built-in delay of only 0.1 second following the selection of each image until the presentation of the next page, it would take (on average) millions of years to break into the system by hitting it with random image sequences.

Read more about graphical password: - David Bensinger, Ph.D. has written a white paper entitled "Human Memory and the Graphical Password." - "The Design and Analysis of Graphical Passwords" by Ian Jermyn and others provides a technical presentation. - SearchSecurity.com has a story called "Graphical passwords still far from picture perfect."

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Password Management and Policy,   Identity Management Technology and Strategy,   Enterprise Identity and Access Management,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Best practices for a privileged access policy to secure user accounts Enterprises need to secure accounts belonging to actual users by reviewing and monitoring their privileged access. Mature SIMs do more than log aggregation and correlation They've come a long way from the early days of log aggregation and correlation; enterprises now glean value from SIMs for compliance, visualization... PCI compliance requirement 2: Defaults PCI pros Diana Kelley and Ed Moyle review Requirement 2 of the Payment Card Industry Data Security Standard: Defaults.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary identity chaos  (SearchSecurity.com) logon  (SearchSecurity.com)