Modern computing platforms of different varieties such as tablets, smartphones, and Ultrabooks™, among others are provided with touch panel displays. In addition, desktop and notebook systems are also being offered with these displays.
Either using a touch panel display or other available displays, some operating system (OS) vendors and independent software vendors (ISVs) have introduced an alternative to passwords using a picture as a method for performing user authentication. The user recalls several points and/or sequence of points on the display. An image on the display provides the user with reference points from which to remember the authentication points. This form of authentication can be used with non-touch displays as well using a touch pad, mouse or joystick to control the touch focus during the authentication challenge.
One problem for picture-based authentication is that an input path (whether by touch panel, touch pad, mouse or otherwise) is subject to man-in-the-box attacks, where malware can log the user input and easily replay it to the OS or disclose it to another person who then can impersonate the legitimate user.