SelfiePass: A Shoulder Surfing Resistant Graphical Password Scheme

User authentication is the process of ascertaining the identity of a person before permitting to access the account in a system. The failure of authentication could result in breach of security and exposing valuable data and resources to attackers. The cost of authentication failure is huge when the account pertains to a financial account such as an Internet banking account. Another aspect of user authentication is usability. The convenience of users will deteriorate when stringent rules are imposed for the selection of stronger passwords. An alternate option to textual passwords is the image based graphical passwords. Images offer unlimited choice for the selection of passwords. Human being's ability to remember images be superior over texts. One limitation of graphical passwords is that they are vulnerable to shoulder surfing attack. In this paper a novel scheme for entering the click points on images without allowing shoulder surfing attacks is proposed. An android implementation of the proposed scheme was used to verify the usability and security of the proposed scheme.