Spywares has become major problem now days. This type of software may track user activities online and offline. Password collection by spywares is increasing at a shocking pace. The problem of entering sensitive data, such as passwords, from an untrusted machine, is obviously insecure; however roaming users generally have no other option. They are in no point to review the security status of, Internet cafe or business center machines, and has no alternative to typing the password. The difficulty of mounting a collusion attack on a single user’s password makes the problem more tractable than it might appear. This problem of password security can be improved by biometric based authentication and graphical authentication, however availability and cost of biometric authentication is considerable problem. In this paper, we present an alternative user authentication based on two levels of security walls, first based on pin code and second use Images that is resistant to keylogger spywares. this method that uses a strengthened cryptographic hash function to compute fast and secure passwords for arbitrarily many accounts while requiring the user to memorize only few memorable points in the image. In addition to keylogger spywares our design is also highly resistant to brute force attacks, modification attack and prone to Dictionary attack, allowing users to retrieve their passwords from any location so long as they can execute our program and remember a short secret.

1. M. N. Doja and Naveen Kumar, “Image Authentication Schemes Against Key-logger Spyware”, Ninth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing 2008 IEEE DOI 10.1109/SNPD.2008.166.
2. White Paper, “Combating the Spyware menace: Solutions for the Enterprise”, London, United Kingdom, http://www.omniquad.com/, Accessed January 2008.
3. Susannah Fox, “Public Policy Spyware: The threat of unwanted software programs is changing the way people use the Internet”, Pew Internet and American Life Project, July 2005, http://www.pewinternet.org/PPF/r/160/report_display.asp, Accessed January 2008.
4. Tim Johnson, “Spyware is a Blended Threat: Your security demands a layered approach”, White paper, September 2005, www.surfcontrol.com, Accessed January 2008.
5. J. Thorpe, and P.C. Oorschot, “Towards secure design choices for implementing graphical passwords”, ACSAC '04: Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC'04), Washington, DC, USA, Vol. 3, pp. 664 – 666, 2004.
6. I. Jermyn, A. Mayer, F. Monrose, M.K. Reiter, and A.D. Rubin, “The design and analysis of graphical passwords”, Proceedings of the Eighth USENIX Security Symposium, pp. 1–14, 1999.
7. D. Bensinger, “Human memory and the graphical password”,http://www.activetechs.com/solutions/security/sso/bensinger.pdf. Accessed January 2008.
8. Blonder, G.E., 1996. Graphical passwords. United States Patent 5559961.
9. Passlogix,V-Go, www.passlogix.com, Accessed January 2008.
10. M.D. Fleetwood, M.D. Byrne, P. Centgraf, K. Dudziak,B. Lin, and D. Mogilev, “An analysis of textentry in Palm OS: Graffiti and the Virtual Keyboard”.Proc. HFES 46th Annual Meeting , Santa Monica:HFES, 2002, pp. 617-621.
11. S. Wiedenbeck, J. Waters, J.C. Birget, A. Brodskiy, and N. Memon, “Authentication using graphical passwords: Effects of tolerance and image choice”, in Symposium on Usable Privacy and Security(SOUPS), at Carnegie-Mellon Univ., Pittsburgh, 6-8 July 2005.
12. Rachna Dhamija and Adrian Perrig, “Déjà Vu: A User Study Using Images for Authentication”, 9th Usenix Security Symposium, August 2000.
13. Robert Morris and Ken Thompson, “Password Security: A Case History”, Communications of the ACM, 22(11), pp. 594-597.

Two Level Graphical Authentication Key-Logger Spyware