Authentication is the first step in information security. It requires the user to memorize their password and remember at login time. textual passwords are the most traditional schemes that are used for providing security, but textual passwords are vulnerable to dictionary attacks, shouldersurfing. Graphical password schemes overcomed the shortcomings of textual passwords,but they were vulnerable to shoulder surfing attacks. to solve and overcome this problem,text and images are combined to generate passwords for providing higher security for password. A new technique called session password is introduced on the combination of text and images to solve the problem of security. Session password can be used everytime the password is created for authentication. Two techniques are used to generate session password which overcomes the attacks like shoulder surfing,dictionary attacks.

1. R. Dhamija, and A. Perrig. "Déjà Vu: A User Study Using Images for Authentication". In 9th USENIX Security Symposium, 2000.
2. Real User Corporation: Passfaces. www. passfaces. com
3. Jermyn, I. , Mayer A. , Monrose, F. , Reiter, M. , and Rubin. , "The design and analysis of graphical passwords" in Proceedings of USENIX Security Symposium, August 1999.
4. A. F. Syukri, E. Okamoto, and M. Mambo, "A User Identification System Using Signature Written with Mouse," in Third Australasian Conference on Information Security and Privacy (ACISP): Springer-Verlag Lecture Notes in Computer Science (1438), 1998, pp. 403-441.
5. G. E. Blonder, "Graphical passwords," in Lucent Technologies, Inc. , Murray Hill, NJ, U. S. Patent, Ed. United States, 1996.
6. Passlogix, site http://www. passlogix. com.
7. HaichangGao, ZhongjieRen, Xiuling Chang, Xiyang Liu UweAickelin, "A New Graphical Password Scheme Resistant to Shoulder-Surfing
8. S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, N. Memon, "Design and longitudinal evaluation of a graphical password system". International J. of Human-Computer Studies 63 (2005) 102-127.
9. W. Jansen, "Authenticating Mobile Device User through Image Selection," in Data Security, 2004.
10. W. Jansen, "Authenticating Users on Handheld Devices "in Proceedings of Canadian Information Technology Security Symposium, 2003.
11. D. Weinshall and S. Kirkpatrick, "Passwords You'll Never Forget, but Can't Recall," in Proceedings of Conference on Human Factors in Computing Systems (CHI). Vienna, Austria: ACM, 2004, pp. 1399-1402.
12. J. Goldberg, J. Hagman, V. Sazawal, "Doodling Our Way To Better Authentication", CHI '02 extended abstracts on Human Factors in Computer Systems, 2002.
13. H. Zhao and X. Li, "S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme," in 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW 07), vol. 2. Canada, 2007, pp. 467-472.
14. S. Man, D. Hong, and M. Mathews, "A shoulder surfing resistant graphical password scheme," in Proceedings of International conference on security and management. Las Vegas, NV, 2003.
15. X. Suo, Y. Zhu and G. Owen, "Graphical Passwords: A Survey". In Proc. ACSAC'05.
16. Z. Zheng, X. Liu, L. Yin, Z. Liu "A Hybrid password authentication scheme based on shape and text" Journal of Computers, vol. 5, no. 5 May 2010

Authentication Security Shoulder Surfing Dictionary Attacks