This section is intended to introduce the reader to various aspects of art, which may be related to various aspects of the present invention that are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
It is a long established practice to use passwords to protect access to various devices such as for example computers and mobile phones. The most common password system requires a user to use the keyboard to input a character string. A problem with this is that strong passwords—i.e. passwords that are difficult to guess—are often difficult to retain and vice versa.
As it often is easier to remember images than text, a number of solutions have proposed the use of graphical passwords. Moreover, many new devices do not have any physical keyboard. For example Smartphones embed only a touch-screen as input device. In this case, it is required to use a virtual keyboard to enter a textual password. This is not very user friendly, particularly when using strong passwords (alphanumeric mixed upper case and lower case).
In U.S. Pat. No. 5,559,961, Blonder presents a technique in which a user inputs the password by clicking on a sequence of predetermined zones in a predetermined image. US 2004/010721 presents a similar solution.
Passlogix developed this idea according to Suo et al., “Graphical Passwords: A Survey”, Department of Computer Science, Georgia State University—http://www.acsac.org/2005/papers/89.pdf. To enter a password, users click on various items in an image in a predefined sequence.
S. Wiedenbeck et al. also extended Blonder's scheme in a number of articles:                “Authentication Using Graphical Passwords: Basic Results,” in Human-Computer Interaction International (HCII 2005). Las Vegas, Nev., 2005        “Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice,” in Symposium on Usable Privacy and Security (SOUPS). Carnegie-Mellon University, Pittsburgh, 2005.        “PassPoints: Design and Longitudinal Evaluation of a Graphical Password System,” International Journal of Human Computer Studies, vol. 63, 2005, pages 102-127.        
This system eliminated predefined boundaries and allowed the use of arbitrary images, so that a user can click on anywhere in an image to create a password.
Still according to Suo et al., Passpoint developed a system in which a password is entered by selecting one face among several a plurality of times.
While those systems work reasonably well, they do however suffer from some disadvantages, such as vulnerability to shoulder surfing: an attacker may guess the password by observing the selections/clicks made by the user.
It can therefore be appreciated that there is a need for a solution that overcomes this problem and provides a system that can enable graphical passwords that are resistant to shoulder surfing. The present invention provides such a solution.