Authentication Schemes for Session Passwords using Color and Images ABSTRACT Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants. EXISTING SYSTEM The existing system to use passwords can be easily guessed or cracked. The alternative techniques are graphical passwords and biometrics. But these two techniques have their own disadvantages. Biometrics, such as finger prints, iris scan or facial recognition have been introduced but not yet widely adopted. Disadvantage 1. The systems can be expensive. 2. The identification process can be slow. PROPOSED SYSTEM The proposed system using new Authentication technique consists of 3 phases registration phase, login phase and verification phase. During registration, user enters his password in first method or rates the colors in the second method. During login phase, the user has to enter the password based on the interface displayed on the screen. The system verifies the password entered by comparing with content of the password generated during registration. Advantage 1. The Session passwords are passwords that are used only once 2. The users input different passwords. 3. The session passwords provide better security against dictionary and brute force attacks as password changes for every session. MODULES 1. Pair-based Authentication scheme 2. Hybrid Textual Authentication Scheme 3. Registration Pair-based Authentication scheme Module During registration user submits his password. Maximum length of the password is 8 and it can be called as secret pass. The secret pass should contain even number of characters. Session passwords are generated based on this secret pass. During the login phase, when the user enters his username an interface consisting of a grid is displayed. The grid is of size 6 x 6 and it consists of alphabets and numbers. These are randomly placed on the grid and the interface changes every time. User has to enter the password depending upon the secret pass. User has to consider his secret pass in terms of pairs. The session password consists of alphabets and digits. The first letter in the pair is used to select the row and the second letter is used to select the column. The intersection letter is part of the session password. This is repeated for all pairs of secret pass. Hybrid Textual Authentication Scheme Module The User should rate colors from 1 to 8 and he can remember it as ldquoRLYOBGIPrdquo. Same rating can be given to different colors. During the login phase, when the user enters his username an interface is displayed based on the colors selected by the user. The login interface consists of grid of size 8times8. This grid contains digits 1-8 placed randomly in grid cells. The interface also contains strips of colors. The color grid consists of 4 pairs of colors. Depending on the ratings given to colors, we get the session password. Registration Module This module is used to registered user Details in three parts. They are Name authentication password, Color Priority Password and Other details. First, user is going to enter the normal password but it using capital A-Z letters and 0-9 Numbers. Second the user to put the color priority in six colors. SYSTEM SPECIFICATION Hardware Requirements System Pentium IV 2.4 GHz. Hard Disk 40 GB. Floppy Drive 1.44 Mb. Monitor 14rsquo Colour Monitor. Mouse Optical Mouse. Ram 512 Mb. Keyboard 101 Keyboard. Software Requirements Operating system Windows XP. Coding Language ASP.Net with C Data Base SQL Server 2005.