Authentication is an important technique to support e-business applications, such as online banking, e-commerce, or the like, and to restrict access to secure websites, secure computer systems and/or secure installations. Traditional authentication techniques check a username and password supplied by a user attempting to access a site, carry out a transaction, or perform similar acts. Usernames and/or passwords have traditionally been checked as plain text. Therefore, such authentication techniques offer poor resistance to dictionary attacks, eavesdropping (such as may be perpetrated by spyware, including key-loggers and the like), social engineering attacks, or even guessing.
An alternative existing authentication approach, the graphical password or Image Based Authentication (IBA), has been viewed as being more user-friendly in terms of memorability and recallability. The basic premise is that the human brain is more capable of storing graphical information than numbers or letters. In addition, IBA utilizes an easier and more user-friendly memorization strategy. However, IBA is susceptible to guessing and spyware attacks.