Passblot: A Highly Scalable Graphical one Time Password System

Abstract

User authentication is necessary to secure the data and process on Internet and in digital devices. Static text based authentication are most widely employed authentication systems for being inexpensive and highly scalable. But they are prone to various types of active and passive attacks. The constant need of extending them to increase security is making them less usable. One promising alternative is Graphical authentication systems, which if implemented properly are more secure but have their own drawbacks. In this paper, we discuss in detail the extension of our previous work Passblot [18], a unique graphical authentication system. It generates pseudo random one time passwords using a set of inkblots, unique to each user. Properties of one time passwords ensure the resistance towards various common attacks and the uniqueness of human perception makes it usable. We demonstrate how our system effectively mitigates various attacks and analyse the results from various experiments conducted.