With the development of Internet technologies, an increasing number of websites are capable of providing Internet services. In order to obtain a service provided by a website, a user needs to log into a target service website by using a network terminal, and then obtain the service provided by the target service website by accessing the target service website. In order to ensure the security of network access, it is necessary for the target service website to authenticate the identity of the user on the network terminal side. Usually, the information used in the identity authentication is closely related to the registration information. In other words, the registration method of the user directly affects the information and rule that are used in user identity authentication, and further affects the security of network access.
Currently, a combination of user name and conventional password is usually used by the websites providing Internet services to implement network registration of users. In such a method, if a password is set too simple, the password is easy to be stolen and cracked, which is usually referred to as a weak-password security threat; if a user name and a password are set too complex, it is difficult to remember the password. To overcome the disadvantages of the network registration method above, various improved network registration methods, e.g., method for conducting network registration for a user using a dynamic password such as short message service (SMS) and hardware token, are proposed. Although these methods achieve higher security than those using a fixed password, they still have many defects. For example, for an SMS message, it is easily captured and intercepted by a pseudo base station, and is unavailable when the mobile phone is out of network coverage or in other situations; and for a hardware token, it is vulnerable to damage, failure, loss, or other problems.
Another popular network registration method is a graphical password-based network registration method, which has a high security and is easy to remember, and is widely applied to the fields such as mobile phone unlocking and security payment. However, when network registration of a user is performed by using a graphical password, a terminal device needs to support touch screen operations. Because a fixed graphic is used, when the user inputs the graphic through making a selection or sliding on the screen, it is easy for someone to peep at the operations of the user. Moreover, when the user taps or slides on the screen, a tap or slide trace is easily left, and the user password is easily guessed according to the trace. In addition, because the number of points of the graphic is limited, each point can only be used once and the graphic needs to be composed of consecutive points, in the method, only a small number of available graphical passwords can be generated, and the passwords have a high repetition rate, which greatly increases the risk of graphical passwords being cracked. As a result, the method is applicable only to a stand-alone situation, and cannot meet the security needs of the great Internet users during registration.