This document describes a project called "Defenses Against Large Scale Online Password Guessing Attacks By Using Persuasive Click Point". The project aims to provide more secure authentication and easy to remember passwords. It proposes a Persuasive Cued Click Point (PCCP) graphical password scheme and a Password Guessing Resistant Protocol (PGRP) to limit login attempts and protect against guessing attacks. PCCP is designed to force users to select more random passwords by randomly repositioning the password selection area. The conclusion is that PCCP provides greater security than other graphical password methods.

2. Project Name :
“Defenses Against Large Scale Online Password
Guessing Attacks By Using Persuasive Click
Point ”
Members :
 Mr. Neel Kamal.

3. Content
• Purpose
• Objective
• Password Guessing Attacks
• Existing System
1.Taxonomy of Authentication
2.Disadvantages
• PCCP
• PGRP
• System Architecture
• Use case diagram

4. Cont…
• Advantages
• Requirement
• References
• Conclusion

5. Purpose
• To provide more secure authentication.
• To provide user friendly environment to create
password.
• To provide large password space over alphanumeric
passwords.

6. Objective
• Force users to select more random, and
difficult passwords to guess.
• To provide better security and easy to
remember passwords.

7. Online Password Guessing Attack
• Dictionary Attacks
• Brute Force Attack
• Shoulder Surfing
• Spy ware
• Social engineering

8. Literature survey

9. Taxonomy Of Authentication

10. Graphical Password System
 Recognition Based Techniques
 Recall based techniques :
a) Pass Points (PP)
b) Cued Click Points (CCP)

11. Disadvantages of Existing System
• Token based system requires support of knowledge
based system
• Text based passwords easily broken by brute force
and dictionary attacks.
• Biometrics based system is more complex and
costly.

12. Persuasive Cued Click Point (PCCP)
• Select a click-point
within the view port.
• Shuffle button to
randomly reposition the
view port
• view port guides users
to select more
random passwords

13. Password Guessing Resistant Protocol
(PGRP)
 Restrict password guessing attacks
 limits the total number of login attempts
 protection against key logger, spy ware

14. System Architecture

16. Use Case Diagram

17. Advantages
 Large password space over alphanumeric
passwords Bullet point
 More restrictive against brute force and
dictionary attacks
 More effective in preventing password
guessing attacks

18. Requirement
 Minimum Software Requirement:
Apache Tomcat, Dreamweaver
My SQL database
Advanced JAVA and JSP
 Minimum Hardware Requirements:
HDD 80 GB
RAM 512 MB
Processor Intel P4

19. References
1. Chiasson, P.C. van Oorschot, and Robert Biddle, “Graphical
Password Authentication Using Cued Click Points” ESORICS ,
LNCS 4734, pp.359 374,Springer- Verlag Berlin Heidelberg
2007.
2. Usable Authentication and Click-Based Graphical Password by
Sonia Chiasson .
3. Persuasive Cued Click-Points: Design, implementation, and
evaluation of a knowledge-based authentication mechanism Sonia
Chiasson, Member, IEEE, Elizabeth Stobert, Alain Forget, Robert
Biddle, Member, IEEE, and P. C. van Oorschot, Member, IEEE

20. Conclusion
• There is a growing interest for Graphical
passwords since they are better than Text based
passwords, although the main argument for
graphical passwords is that people are better at
memorizing graphical passwords than text-based
passwords
• Persuasive Click point method provides greater
security than other graphical password methods.