Graphical password authentication

A MINI PROJECT REPORT

Submitted by

Ravitla Harika (111720202040)

Desineni Bhuvaneswari (111720202007)
Nagaram Saranya (111720202031)
in partial fulfillment for the award of the

degree of
BACHELOR OF TECHNOLOGY
IN
COMPUTER SCIENCE AND BUSINESS SYSTEMS

R.M.K. ENGINEERING COLLEGE

(An Autonomous Institution)
R.S.M. Nagar, Kavaraipettai-601 206

November 2022

1
 R.M.K. ENGINEERING COLLEGE
(An Autonomous Institution)
R.S.M. Nagar, Kavaraipettai-601 206

BONAFIDE CERTIFICATE

Certified that this project report “Graphical Password Authentication” is the bonafide
work of Ravitla Harika (111720202040), Desineni Bhuvaneswari (111720202007),
Nagaram Saranya (111720202031) who carried out the 20CB511 Mini Project work
under my supervision.

SIGNATURE SIGNATURE

Dr. K. Chidambarathanu, M.E.,Ph.D., Ms. S. Jhansi Ida

Professor and Head Supervisor
Department of Computer Science and Associate Professor
Business Systems Department of Computer Science and
R.M.K. Engineering College Business Systems
R.S.M. Nagar, Kavaraipettai, R.M.K. Engineering College
Tiruvallur District– 601206. R.S.M. Nagar, Kavaraipettai,
Tiruvallur District–601206.

Submitted for the Project Viva –Voce held on ……………………… at R.M.K.

Engineering
College, Kavaraipettai, Tiruvallur District– 601206.

2
INTERNAL EXAMINER

3
 ACKNOWLEDGEMENT

We earnestly portray our sincere gratitude and regard to our beloved Chairman Shri. R. S.

Munirathinam, our Vice Chairman, Shri. R. M. Kishore and our Director, Shri. R.

Jyothi Naidu, for the interest and affection shown towards us throughout the course.

We convey our sincere thanks to our Principal, Dr. K. A. Mohamed Junaid, for being the

source of inspiration in this college.

We reveal our sincere thanks to our Professor and Head of the Department, Computer

Science and Business Systems, Dr. K. Chidambarathanu, for his commendable support

and encouragement for the completion of our project.

We would like to express our sincere gratitude for our Mini Project Coordinators Ms. S.

Jhansi Ida Assistant Professor, Ms. C. Indhumathi Assistant Professor and Mr. B.

Jayaram Assistant Professor and project guide Ms. S. Jhansi Ida, Associate Professor for

their valuable suggestions towards the successful completion for this project in a global

manner.

We take this opportunity to extend our thanks to all faculty members of Department of

Computer Science and Business Systems, parents and friends for all that they meant to us

during the crucial times of the completion of our project.

4
 TABLE OF CONTENTS

CHAPTER TITLE PAGE NO

ABSTRACT
LIST OF FIGURES

1 INTRODUCTION 6-8
1.1 Purpose
1.2 Objectives
1.3 Literature review
2 SYSTEM ANALYSIS 9-10

2.1 Existing system

2.2 Proposed system
2.3 System study
2.3.1 Feasibility study

3 SYSTEM DIAGRAMS 11-19

3.1 System architecture

3.2 Flow diagram
3.3 UML diagrams

4 IMPLEMENTATION 20

4.1 Modules
4.2 Module description

5 SYSTEM REQUIREMENTS 21-42

5.1 Hardware interface
5.2 Software interface
5.3 Software description
6 CONCLUSION 43
7 FUTURE ENHANCEMENTS 44
8 REFERENCES 45
9 SAMPLE CODING 46-47
SCREENSHOTS

5
 ABSTRACT

A graphical password is an authentication system that works by having the user select from images, in a
specific order, presented in a graphical user interface (GUI). For this reason, the graphical-password approach
is called graphical user authentication (GUA). The most common computer authentication method is to use
alphanumerical usernames and passwords. This method has been shown to have significant disadvantages. For
e.g, users tend to choose passwords that can be easily guessed. On the other hand, if a password is difficult to
guess, then it is often difficult to remember. To overcome this problem of low security, Authentication
methods are developed by researchers that use images as password. In this research paper, we conduct a
comprehensive survey of the existing graphical password techniques and provide a possible theory of our own.
Graphical password schemes have been proposed as a possible alternative to text-based schemes, by the fact
that humans can remember pictures better than text; Pictures are generally easier to be remembered or
recognized than text.
Keywords: Password, Graphical, Authentication.

6
 CHAPTER 1

INTRODUCTION

INTRODUCTION

User authentication is a fundamental component in most computer security contexts. It provides the basis for
access control and user accountability. While there are various types of user authentication systems,
alphanumerical usernames/passwords are the most common type of user authentication. They are versatile and
easy to implement and use. Alphanumerical passwords are required to satisfy two contradictory requirements.
They have to be easily remembered by a user, while they have to be hard to guess by an impostor. Users are
known to choose easily guessable and/or short text passwords, which are an easy target of dictionary and
brute-force attacks. Enforcing a strong password policy sometimes leads to the opposite effect, as a user may
resort to writing his or her difficult-to-remember passwords on sticky notes exposing them to direct theft. In
the literature, several techniques have been proposed to reduce the limitations of alphanumerical passwords.
One proposed solution is to use an easy-to-remember long-phrase (passphrase) rather than a single word.
Another proposed solution is to use graphical passwords, in which graphics (images) are used instead of
alphanumerical passwords. This can be achieved by asking the user to select regions from an image rather than
typing characters as in alphanumeric password approaches. In this, they have proposed a graphical password
authentication system. The system combines graphical and text-based passwords trying to achieve the best of
both worlds. We provide a brief review of graphical passwords. Then, the proposed system is described below.
Later, we briefly discuss implementation and highlight some aspects of the proposed system. Graphical
Passwords Graphical passwords refer to using pictures (also drawings) as passwords. In theory, graphical
passwords are easier to remember, since humans remember pictures better than words. Also, they should be
more resistant to brute-force attacks, since the search space is practically infinite. In general, graphical
password techniques are classified into two main categories: recognition-based and recall-based graphical
techniques. In recognition-based techniques, a user is authenticated by challenging him/her to identify one or
more images he or she chooses during the registration stage. In recall-based techniques, a user is asked to
reproduce something that he or she created or selected earlier during the registration stage. Passfaces is a
recognition-based technique, where a user is authenticated by challenging him/her into recognizing human
faces. An early recall-based graphical password approach was introduced by Greg Blonder in 1996. In this

7
approach, a user creates a password by clicking on several locations on an image. During authentication, the
user must click on those locations.

Purpose
The purpose of graphical password authentication is to provide

Objective of the Project:

Literature Review

1. Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. Passpoints:
design and longitudinal evaluation of a graphical password system. International Journal of Human-
Computer Studies, 63:102–127, July 2005
Computer security depends largely on passwords to authenticate human users. However, users have
difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long
and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which
consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem
of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure
graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric
passwords. Participants created and practiced either an alphanumeric or graphical password. The
participants subsequently carried out three longitudinal trials to input their password over the course of 6
weeks. The results show that the graphical password users created a valid password with fewer difficulties
than the alphanumeric users. However, the graphical users took longer and made more invalid password
inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two
groups performed similarly on memory of their password, but the graphical group took more time to input
a password.

2. Xiaoyuan Suo, Ying Zhu, and G. Scott Owen. Graphical passwords: A survey. In Proceedings of
Annual Computer Security Applications Conference, pages 463–472, 2005.
The most common computer authentication method is to use alphanumerical usernames and passwords. This
method has been shown to have significant drawbacks. For example, users tend to pick passwords that can

8
 be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. To
address this problem, some researchers have developed authentication methods that use pictures as
passwords. In this paper, we conduct a comprehensive survey of the existing graphical password
techniques. We classify these techniques into two categories: recognition-based and recall-based
approaches. We discuss the strengths and limitations of each method and point out the future research
directions in this area. We also try to answer two important questions: “Are graphical passwords as secure
as text-based passwords?”; “What are the major design and implementation issues for graphical
passwords?” This survey will be useful for information security researchers and practitioners who are
interested in finding an alternative to text-based authentication methods.

3. Antonella De Angeli, Lynne Coventry, Graham Johnson, and Karen Renaud. Is a picture really
worth a thousand words? exploring the feasibility of graphical authentication systems. International
Journal of Human-Computer Studies, 63:128–152, July 2005.
The weakness of knowledge-based authentication systems, such as passwords and Personal Identification
Numbers (PIsNs), is well known, and reflects an uneasy compromise between security and human memory
constraints. Research has been undertaken for some years now into the feasibility of graphical
authentication mechanisms in the hope that these will provide a more secure and memorable alternative.
The graphical approach substitutes the exact recall of alphanumeric codes with the recognition of
previously learnt pictures, a skill at which humans are remarkably proficient. So far, little attention has
been devoted to usability, and initial research has failed to conclusively establish significant memory
improvement. This paper reports two user studies comparing several implementations of the graphical
approach with PINs. Results demonstrate that pictures can be a solution to some problems relating to
traditional knowledge-based authentication but that they are not a simple panacea, since a poor design can
eliminate the picture superiority effect in memory. The paper concludes by discussing the potential of the
graphical approach and providing guidelines for developers contemplating using these mechanisms.

4. G. E. Blonder. Graphical password. U.S. Patent 5559961, Lucent Technologies, Inc. (Murray Hill,
NJ), August 1995.
A graphical password arrangement displays a predetermined graphical image and requires a user to "touch"
predetermined areas of the image in a predetermined sequence, as a means of entering a password. The
password is set by allowing the arrangement to display the predetermined areas, or "tap regions", to a user,

9
and requiring the user to position these tap regions in a location and sequence within the graphical image,
with which the user desires the password to be set at. These "tap regions" are then removed from the
display, leaving the original image by itself. The arrangement then waits for an entry device (user) to select
the "tap regions", as described above, for possible access to a protected resource.

10
 CHAPTER 2
SYSTEM ANALYSIS

2.1 EXISTING SYSTEM

In the existing System, alphanumeric password are used. Alphanumerical passwords are required to satisfy
two contradictory requirements. They have to be easily remembered by a user, while they have to be hard
to guess by an impostor. Users are known to choose easily guessable and/or short text passwords, which
are an easy target of dictionary and brute-force attacks
Disadvantages:
 Less Secure
 Easy target for Dictionary attack

2.2 PROPOSED SYSTEM

In this, they have proposed a graphical password authentication system. The system combines graphical
and text-based passwords trying to achieve the best of both worlds. Graphical Passwords Graphical
passwords refer to using pictures (also drawings) as passwords. In theory, graphical passwords are easier to
remember, since humans remember pictures better than words. Also, they should be more resistant to brute
force attacks, since the search space is practically infinite.
Advantages:
 More Secure
 Infinite Search Space

2.3 SYSTEM STUDY

2.3.1 FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business proposal is put forth with a very general
plan for the project and some cost estimates. During system analysis the feasibility study of the proposed
system is to be carried out. This is to ensure that the proposed system is not a burden to the company. For
feasibility analysis, some understanding of the major requirements for the system is essential.

11
Three key considerations involved in the feasibility analysis are

 ECONOMICAL FEASIBILITY

 TECHNICAL FEASIBILITY

 SOCIAL FEASIBILITY

ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will have on the organization. The
amount of fund that the company can pour into the research and development of the system is limited. The
expenditures must be justified. Thus the developed system as well within the budget and this was achieved
because most of the technologies used are freely available. Only the customized products had to be purchased.

TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that is, the technical requirements of the system.
Any system developed must not have a high demand on the available technical resources. This will lead to
high demands on the available technical resources. This will lead to high demands being placed on the client.
The developed system must have a modest requirement, as only minimal or null changes are required for
implementing this system.

SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the user. This includes the process of
training the user to use the system efficiently. The user must not feel threatened by the system, instead must
accept it as a necessity. The level of acceptance by the users solely depends on the methods that are employed
to educate the user about the system and to make him familiar with it. His level of confidence must be raised
so that he is also able to make some constructive criticism, which is welcomed, as he is the final user of the
system.

12
 CHAPTER 3
SYSTEM DIAGRAMS

3.1SYSTEM ARCHITECTURE

3.2 FLOW DIAGRAM:

13
 3.3 UML DIAGRAMS

UML stands for Unified Modeling Language. UML is a standardized general-purpose modeling language in the
field of object-oriented software engineering. The standard is managed, and was created by, the Object
Management Group.

The goal is for UML to become a common language for creating models of object-oriented computer software.
In its current form UML is comprised of two major components: A Meta-model and a notation. In the future,
some form of method or process may also be added to; or associated with, UML.

The Unified Modeling Language is a standard language for specifying, Visualization, Constructing and
documenting the artifacts of software system, as well as for business modeling and other non-software
systems.

The UML represents a collection of best engineering practices that have proven successful in the modeling of
large and complex systems.

The UML is a very important part of developing objects-oriented software and the software development
process. The UML uses mostly graphical notations to express the design of software projects.
14
GOALS:

The Primary goals in the design of the UML are as follows:

1. Provide users a ready-to-use, expressive visual modeling Language so that they can develop and
exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core concepts.
3. Be independent of particular programming languages and development process.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of OO tools market.
6. Support higher level development concepts such as collaborations, frameworks, patterns and
components.
7. Integrate best practices.

USE CASE DIAGRAM:

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagram defined by and
created from a Use-case analysis. Its purpose is to present a graphical overview of the functionality provided
by a system in terms of actors, their goals (represented as use cases), and any dependencies between those use
cases. The main purpose of a use case diagram is to show what system functions are performed for which
actor. Roles of the actors in the system can be depicted.

15
CLASS DIAGRAM:

In software engineering, a class diagram in the Unified Modeling Language (UML) is a type of static structure
diagram that describes the structure of a system by showing the system's classes, their attributes, operations (or
methods), and the relationships among the classes. It explains which class contains information.

SEQUENCE DIAGRAM:

A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that shows how

16
processes operate with one another and in what order. It is a construct of a Message Sequence Chart. Sequence
diagrams are sometimes called event diagrams, event scenarios, and timing diagrams.

COLLABORATION DIAGRAM:

In collaboration diagram the method call sequence is indicated by some numbering technique as shown below.
The number indicates how the methods are called one after another. We have taken the same order
management system to describe the collaboration diagram. The method calls are similar to that of a sequence
diagram. But the difference is that the sequence diagram does not describe the object organization whereas the
collaboration diagram shows the object organization.

17
DEPLOYMENT DIAGRAM

Deployment diagram represents the deployment view of a system. It is related to the component diagram.
Because the components are deployed using the deployment diagrams. A deployment diagram consists of
nodes. Nodes are nothing but physical hardware used to deploy the application.

ACTIVITY DIAGRAM:

Activity diagrams are graphical representations of workflows of stepwise activities and actions with support
for choice, iteration and concurrency. In the Unified Modeling Language, activity diagrams can be used to
describe the business and operational step-by-step workflows of components in a system. An activity diagram
shows the overall flow of control.

18
COMPONENT DIAGRAM

A component diagram, also known as a UML component diagram, describes the organization and wiring of
the physical components in a system. Component diagrams are often drawn to help model implementation
details and double-check that every aspect of the system's required function is covered by planned
development.

19
ER DIAGRAM:

An Entity–relationship model (ER model) describes the structure of a database with the help of a diagram,
which is known as Entity Relationship Diagram (ER Diagram). An ER model is a design or blueprint of a
database that can later be implemented as a database. The main components of E-R model are: entity set and
relationship set.

An ER diagram shows the relationship among entity sets. An entity set is a group of similar entities and these
entities can have attributes. In terms of DBMS, an entity is a table or attribute of a table in database, so by
showing relationship among tables and their attributes, ER diagram shows the complete logical structure of a
database. Let’s have a look at a simple ER diagram to understand this concept.

DFD DIAGRAM:

A Data Flow Diagram (DFD) is a traditional way to visualize the information flows within a system. A neat
and clear DFD can depict a good amount of the system requirements graphically. It can be manual, automated,
or a combination of both. It shows how information enters and leaves the system, what changes the
information and where information is stored. The purpose of a DFD is to show the scope and boundaries of a
system as a whole. It may be used as a communications tool between a systems analyst and any person who
plays a part in the system that acts as the starting point for redesigning a system.
Context level diagram:

20
Level 1 diagram:

Level 2 diagram:

21
 CHAPTER 4
IMPLEMENTATION
4.1 MODULES
 Server
 User

4.2 MODULE DESCRIPTION

4.2.1 Server
Store in database: The system can store all the data in the database.
Query from the database: The system can collect the query from the database.
4.2.2 User
Register: The user should register with the required valid credentials.
Choose sequences and images among a lot of images: Here the user can select some images
and sequences among a lot of images.

22
 Login: Users should log in with the help of registered credentials.
Choose the same sequence: Here the user can choose the sequences they selected before.
Login status (success/fail): Users can view the status of the login whether it is successful or
failed.

CHAPTER 5

SYSTEM REQUIREMENTS

5.1 HARDWARE INTERFACE

• Processor - I5/Intel Processor

• RAM - 8GB (min)
• Hard Disk - 500 GB

5.2 SOFTWARE INTERFACE

 Operating System : Windows 10

 Server-side Script : Python 3.7.9
 IDE : VS Code

23
  Libraries Used : rasa.
 Framework : Django
5.3 SOFTWARE DESCRIPTION

INTRODUCTION TO PYTHON:

Python

What Is A Script?

Up to this point, I have concentrated on the interactive programming capability of Python.  This is a very
useful capability that allows you to type in a program and to have it executed immediately in an interactive
mode

Scripts are reusable

Basically, a script is a text file containing the statements that comprise a Python program.  Once you have
created the script, you can execute it over and over without having to retype it each time.

Scripts are editable

Perhaps, more importantly, you can make different versions of the script by modifying the statements from one
file to the next using a text editor.  Then you can execute each of the individual versions.  In this way, it is easy
to create different programs with a minimum amount of typing.

You will need a text editor

Just about any text editor will suffice for creating Python script files.

You can use Microsoft Notepad, Microsoft WordPad, Microsoft Word, or just about any word processor if you
want to.

Difference between a script and a program

Script:

Scripts are distinct from the core code of the application, which is usually written in a different language, and
are often created or at least modified by the end-user. Scripts are often interpreted from source code or byte
24
code, whereas the applications they control are traditionally compiled to native machine code.

Program:

The program has an executable form that the computer can use directly to execute the instructions.

The same program in its human-readable source code form, from which executable programs are derived (e.g.,
compiled)

Python

What is Python? Chances you are asking yourself this. You may have found this book because you want to
learn to program but don’t know anything about programming languages. Or you may have heard of
programming languages like C, C++, C#, or Java and want to know what Python is and how it compares to
“big name” languages. Hopefully I can explain it for you.

Python concepts

If you're not interested in the how and whys of Python, feel free to skip to the next chapter. In this chapter I
will try to explain to the reader why I think Python is one of the best languages available and why it’s a great
one to start programming with.

• Open-source general-purpose language.

• Object Oriented, Procedural, Functional

• Easy to interface with C/ObjC/Java/Fortran

• Easy-ish to interface with C++ (via SWIG)

• Great interactive environment

Python is a high-level, interpreted, interactive and object-oriented scripting language. Python is designed to be
highly readable. It uses English keywords frequently where as other languages use punctuation, and it has
fewer syntactical constructions than other languages.

25
  Python is Interpreted − Python is processed at runtime by the interpreter. You do not need to compile
your program before executing it. This is similar to PERL and PHP.
 Python is Interactive − You can actually sit at a Python prompt and interact with the interpreter
directly to write your programs.
 Python is Object-Oriented − Python supports Object-Oriented style or technique of programming that
encapsulates code within objects.
 Python is a Beginner's Language − Python is a great language for the beginner-level programmers
and supports the development of a wide range of applications from simple text processing to WWW
browsers to games.

History of Python

Python was developed by Guido van Rossum in the late eighties and early nineties at the National Research
Institute for Mathematics and Computer Science in the Netherlands.

Python is derived from many other languages, including ABC, Modula-3, C, C++, Algol-68, SmallTalk, and
Unix shell and other scripting languages.

Python is copyrighted. Like Perl, Python source code is now available under the GNU General Public License
(GPL).

Python is now maintained by a core development team at the institute, although Guido van Rossum still holds
a vital role in directing its progress.

Python Features

Python's features include −

 Easy-to-learn − Python has few keywords, simple structure, and a clearly defined syntax. This allows
the student to pick up the language quickly.

 Easy-to-read − Python code is more clearly defined and visible to the eyes.

 Easy-to-maintain − Python's source code is fairly easy-to-maintain.

26
  A broad standard library − Python's bulk of the library is very portable and cross-platform
compatible on UNIX, Windows, and Macintosh.

 Interactive Mode − Python has support for an interactive mode which allows interactive testing and
debugging of snippets of code.

 Portable − Python can run on a wide variety of hardware platforms and has the same interface on all
platforms.

 Extendable − You can add low-level modules to the Python interpreter. These modules enable
programmers to add to or customize their tools to be more efficient.

 Databases − Python provides interfaces to all major commercial databases.

 GUI Programming − Python supports GUI applications that can be created and ported to many
system calls, libraries and windows systems, such as Windows MFC, Macintosh, and the X Window
system of Unix.

 Scalable − Python provides a better structure and support for large programs than shell scripting.

 Apart from the above-mentioned features, Python has a big list of good features, few are listed below −

 It supports functional and structured programming methods as well as OOP.

 It can be used as a scripting language or can be compiled to byte-code for building large applications.

 It provides very high-level dynamic data types and supports dynamic type checking.

 IT supports automatic garbage collection.

 It can be easily integrated with C, C++, COM, ActiveX, CORBA, and Java.

Dynamic vs Static

Types Python is a dynamic-typed language. Many other languages are static typed, such as C/C++ and Java. A
static typed language requires the programmer to explicitly tell the computer what type of “thing” each data
27
value is.

For example, in C if you had a variable that was to contain the price of something, you would have to declare
the variable as a “float” type.

This tells the compiler that the only data that can be used for that variable must be a floating-point number,
i.e., a number with a decimal point.

If any other data value was assigned to that variable, the compiler would give an error when trying to compile
the program.

Python, however, doesn’t require this. You simply give your variables names and assign values to them. The
interpreter takes care of keeping track of what kinds of objects your program is using. This also means that you
can change the size of the values as you develop the program. Say you have another decimal number (a.k.a. a
floating-point number) you need in your program.

With a static typed language, you have to decide the memory size the variable can take when you first
initialize that variable. A double is a floating-point value that can handle a much larger number than a normal
float (the actual memory sizes depend on the operating environment).

If you declare a variable to be a float but later on assign a value that is too big to it, your program will fail;
you will have to go back and change that variable to be a double.

With Python, it doesn’t matter. You simply give it whatever number you want and Python will take care of
manipulating it as needed. It even works for derived values.

For example, say you are dividing two numbers. One is a floating-point number and one is an integer. Python
realizes that it’s more accurate to keep track of decimals so it automatically calculates the result as a floating-
point number.

Variables

Variables are nothing but reserved memory locations to store values. This means that when you create a
variable you reserve some space in memory.

28
Based on the data type of a variable, the interpreter allocates memory and decides what can be stored in the
reserved memory. Therefore, by assigning different data types to variables, you can store integers, decimals or
characters in these variables.

Standard Data Types

The data stored in memory can be of many types. For example, a person's age is stored as a numeric value and
his or her address is stored as alphanumeric characters. Python has various standard data types that are used to
define the operations possible on them and the storage method for each of them.

Python has five standard data types −

 Numbers
 String
 List
 Tuple
 Dictionary

Python Numbers

Number data types store numeric values. Number objects are created when you assign a value to them

Python Strings

Strings in Python are identified as a contiguous set of characters represented in the quotation marks. Python
allows for either pairs of single or double quotes. Subsets of strings can be taken using the slice operator ([ ]
and [:]) with indexes starting at 0 in the beginning of the string and working their way from -1 at the end.

Python Lists

Lists are the most versatile of Python's compound data types. A list contains items separated by commas and
enclosed within square brackets ([]). To some extent, lists are similar to arrays in C. One difference between
them is that all the items belonging to a list can be of different data type.

29
The values stored in a list can be accessed using the slice operator ([ ] and [:]) with indexes starting at 0 in the
beginning of the list and working their way to end -1. The plus (+) sign is the list concatenation operator, and
the asterisk (*) is the repetition operator. 

Python Tuples

A tuple is another sequence data type that is similar to the list. A tuple consists of a number of values separated
by commas. Unlike lists, however, tuples are enclosed within parentheses.

The main differences between lists and tuples are: Lists are enclosed in brackets ([ ]) and their elements and
size can be changed, while tuples are enclosed in parentheses (( )) and cannot be updated. Tuples can be
thought of as read-only lists.

Python Dictionary

Python's dictionaries are kind of hash table type. They work like associative arrays or hashes found in Perl and
consist of key-value pairs. A dictionary key can be almost any Python type, but are usually numbers or strings.
Values, on the other hand, can be any arbitrary Python object.

Dictionaries are enclosed by curly braces ({ }) and values can be assigned and accessed using square braces
([]).

Different modes in python

Python has two basic modes: normal and interactive.

The normal mode is the mode where the scripted and finished .py files are run in the Python interpreter.

Interactive mode is a command line shell which gives immediate feedback for each statement, while running
previously fed statements in active memory. As new lines are fed into the interpreter, the fed program is
evaluated both in part and in whole

Some Python Libraries:

1. Pandas
2. Numpy

30
 3. Pymysql
4. Scikit-learn

Pandas:

 Pandas provide us with many Series and Data Frames. It allows you to easily organize, explore,
represent, and manipulate data.
 Smart alignment and indexing featured in Pandas offer you a perfect organization and data labeling. 
 Pandas has some special features that allow you to handle missing data or value with a proper
measure. 
 This package offers you such a clean code that even people with no or basic knowledge of
programming can easily work with it. 
 It provides a collection of built-in tools that allows you to both read and write data in different web
services, data-structure, and databases as well. 
 Pandas can support JSON, Excel, CSV, HDF5, and many other formats. In fact, you can merge
different databases at a time with Pandas.

Numpy:

 Arrays of Numpy offer modern mathematical implementations on huge amount of data. Numpy makes
the execution of these projects much easier and hassle-free. 
 Numpy provides masked arrays along with general array objects. It also comes with functionalities
such as manipulation of logical shapes, discrete Fourier transform, general linear algebra, and many
more. 
 While you change the shape of any N-dimensional arrays, Numpy will create new arrays for that and
delete the old ones. 
 This python package provides useful tools for integration. You can easily integrate Numpy with
programming languages such as C, C++, and Fortran code. 
 Numpy provides such functionalities that are comparable to MATLAB. They both allow users to get
faster with operations. 

Pymysql:
31
  PyMySQL is a database connector for Python, libraries to enable Python programs to talk to a MySQL
server.
 Access to the port settings through Python properties.
 PyMySQL is a pure Python MySQL driver, first written as a rough port of the MySQL-Python driver.
 PyMySQL meets all of criterion for a driver.
 It is fully open source, hosted on Github, released on Pypi, is actively maintained.
 It is written in pure Python so is eventlet-monkeypatch compatible, and is fully Python 3 compatible.

Scikit-Learn:

 The random module is a simple and efficient tool for predictive data analysis

 Accessible to everybody, and reusable in various contexts

 The library is focused on modeling data. It is not focused on loading, manipulating and summarizing
data. For these features, refer to NumPy and Pandas.
 The functionality that scikit-learn provides include:
 Regression, including Linear and Logistic Regression
 Classification, including K-Nearest Neighbors
 Clustering, including K-Means and K-Means++
 Model selection
 Preprocessing, including Min-Max Normalization

Python class and objects

These are the building blocks of OOP. class creates a new object. This object can be anything, whether an
abstract data concept or a model of a physical object, e.g., a chair. Each class has individual characteristics
unique to that class, including variables and methods. Classes are very powerful and currently “the big thing”
in most programming languages. Hence, there are several chapters dedicated to OOP later in the book.

The class is the most basic component of object-oriented programming. Previously, you learned how to use
functions to make your program do something.

Now will move into the big, scary world of Object-Oriented Programming (OOP). To be honest, it took me
32
several months to get a handle on objects.

When I first learned C and C++, I did great; functions just made sense for me.

Having messed around with BASIC in the early ’90s, I realized functions were just like subroutines so there
wasn’t much new to learn.

However, when my C++ course started talking about objects, classes, and all the new features of OOP, my
grades definitely suffered.

Once you learn OOP, you’ll realize that it’s actually a pretty powerful tool. Plus many Python libraries and
APIs use classes, so you should at least be able to understand what the code is doing.

One thing to note about Python and OOP: it’s not mandatory to use objects in your code in a way that works
best; maybe you don’t need to have a full-blown class with initialization code and methods to just return a
calculation. With Python, you can get as technical as you want.

As you’ve already seen, Python can do just fine with functions. Unlike languages such as Java, you aren’t tied
down to a single way of doing things; you can mix functions and classes as necessary in the same program.
This lets you build the code

Objects are an encapsulation of variables and functions into a single entity. Objects get their variables and
functions from classes. Classes are essentially a template to create your objects.

Here’s a brief list of Python OOP ideas:

• The class statement creates a class object and gives it a name. This creates a new namespace.

• Assignments within the class create class attributes. These attributes are accessed by qualifying the name
using dot syntax: ClassName.Attribute.

• Class attributes export the state of an object and its associated behavior. These attributes are shared by all
instances of a class.

• Calling a class (just like a function) creates a new instance of the class.

This is where the multiple copies part comes in.

33
• Each instance gets ("inherits") the default class attributes and gets its own namespace. This prevents instance
objects from overlapping and confusing the program.

• Using the term self identifies a particular instance, allowing for per-instance attributes. This allows items
such as variables to be associated with a particular instance.

Inheritance

First off, classes allow you to modify a program without really making changes to it.

To elaborate, by subclassing a class, you can change the behavior of the program by simply adding new
components to it rather than rewriting the existing components.

As we’ve seen, an instance of a class inherits the attributes of that class.

However, classes can also inherit attributes from other classes. Hence, a subclass inherits from a superclass
allowing you to make a generic superclass that is specialized via subclasses.

The subclasses can override the logic in a superclass, allowing you to change the behavior of your classes
without changing the superclass at all.

Operator Overloads

Operator overloading simply means that objects that you create from classes can respond to actions
(operations) that are already defined within Python, such as addition, slicing, printing, etc.

Even though these actions can be implemented via class methods, using overloading ties the behavior closer to
Python’s object model and the object interfaces are more consistent to Python’s built-in objects, hence
overloading is easier to learn and use.

User-made classes can override nearly all of Python’s built-in operation methods

Exceptions

I’ve talked about exceptions before but now I will talk about them in depth. Essentially, exceptions are events
that modify program’s flow, either intentionally or due to errors.

34
They are special events that can occur due to an error, e.g. trying to open a file that doesn’t exist, or when the
program reaches a marker, such as the completion of a loop.

Exceptions, by definition, don’t occur very often; hence, they are the "exception to the rule" and a special class
has been created for them. Exceptions are everywhere in Python.

Virtually every module in the standard Python library uses them, and Python itself will raise them in a lot of
different circumstances.

Here are just a few examples:

• Accessing a non−existent dictionary key will raise a KeyError exception.

• Searching a list for a non−existent value will raise a ValueError exception

• Calling a non−existent method will raise an AttributeError exception.

• Referencing a non−existent variable will raise a NameError exception.

• Mixing datatypes without coercion will raise a TypeError exception.

One use of exceptions is to catch a fault and allow the program to continue working; we have seen this before
when we talked about files.

This is the most common way to use exceptions. When programming with the Python command line
interpreter, you don’t need to worry about catching exceptions.

Your program is usually short enough to not be hurt too much if an exception occurs.

Plus, having the exception occur at the command line is a quick and easy way to tell if your code logic has a
problem.

However, if the same error occurred in your real program, it will fail and stop working. Exceptions can be
created manually in the code by raising an exception.

It operates exactly as a system-caused exceptions, except that the programmer is doing it on purpose. This can
be for a number of reasons. One of the benefits of using exceptions is that, by their nature, they don’t put any

35
overhead on the code processing.

Because exceptions aren’t supposed to happen very often, they aren’t processed until they occur.

Exceptions can be thought of as a special form of the if/elif statements. You can realistically do the same thing
with if blocks as you can with exceptions.

However, as already mentioned, exceptions aren’t processed until they occur; if blocks are processed all the
time.

Proper use of exceptions can help the performance of your program.

The more infrequent the error might occur, the better off you are to use exceptions; using if blocks requires
Python to always test extra conditions before continuing.

Exceptions also make code management easier: if your programming logic is mixed in with error-handling if
statements, it can be difficult to read, modify, and debug your program.

User-Defined Exceptions

I won’t spend too much time talking about this, but Python does allow for a programmer to create his own
exceptions.

You probably won’t have to do this very often but it’s nice to have the option when necessary.

However, before making your own exceptions, make sure there isn’t one of the built-in exceptions that will
work for you.

They have been "tested by fire" over the years and not only work effectively, they have been optimized for
performance and are bug-free.

Making your own exceptions involves object-oriented programming, which will be covered in the next chapter

To make a custom exception, the programmer determines which base exception to use as the class to inherit
from, e.g., making an exception for negative numbers or one for imaginary numbers would probably fall under
the Arithmetic Error exception class.

36
To make a custom exception, simply inherit the base exception and define what it will do.

Python modules

Python allows us to store our code in files (also called modules). This is very useful for more serious
programming, where we do not want to retype a long function definition from the very beginning just to
change one mistake. In doing this, we are essentially defining our own modules, just like the modules defined
already in the Python library.

To support this, Python has a way to put definitions in a file and use them in a script or in an interactive
instance of the interpreter. Such a file is called a module; definitions from a module can be imported into other
modules or into the main module.

Testing code

As indicated above, code is usually developed in a file using an editor.

To test the code, import it into a Python session and try to run it.

Usually there is an error, so you go back to the file, make a correction, and test again.

This process is repeated until you are satisfied that the code works. T

His entire process is known as the development cycle.

There are two types of errors that you will encounter. Syntax errors occur when the form of some command is
invalid.

This happens when you make typing errors such as misspellings, or call something by the wrong name, and for
many other reasons. Python will always give an error message for a syntax error.

Functions in Python

It is possible, and very useful, to define our own functions in Python. Generally speaking, if you need to do a
calculation only once, then use the interpreter. But when you or others have need to perform a certain type of
calculation many times, then define a function.

37
 You use functions in programming to bundle a set of instructions that you want to use repeatedly or that,
because of their complexity, are better self-contained in a sub-program and called when needed. That
means that a function is a piece of code written to carry out a specified task.

To carry out that specific task, the function might or might not need multiple inputs. When the
task is carried out, the function can or cannot return one or more values.

There are three types of functions in python:

help(),min(),print().

Python Namespace

Generally speaking, a namespace (sometimes also called a context) is a naming system for making names
unique to avoid ambiguity. Everybody knows a namespacing system from daily life, i.e., the naming of people
in first name and family name (surname).

An example is a network: each network device (workstation, server, printer, ...) needs a unique name and
address. Yet another example is the directory structure of file systems.

The same file name can be used in different directories, the files can be uniquely accessed via the
pathnames. Many programming languages use namespaces or contexts for identifiers. An identifier defined in
a namespace is associated with that namespace.

This way, the same identifier can be independently defined in multiple namespaces. (Like the same file names
in different directories) Programming languages, which support namespaces, may have different rules that
determine to which namespace an identifier belongs. 

Namespaces in Python are implemented as Python dictionaries, this means it is a mapping from names (keys)
to objects (values). The user doesn't have to know this to write a Python program and when using namespaces. 

Some namespaces in Python:

 global names of a module

 local names in a function or method invocation

38
 built-in names: this namespace contains built-in functions (e.g. abs(), cmp(), ...) and built-in exception names

Garbage Collection

Garbage Collector exposes the underlying memory management mechanism of Python, the automatic garbage
collector. The module includes functions for controlling how the collector operates and to examine the objects
known to the system, either pending collection or stuck in reference cycles and unable to be freed.

Python XML Parser

XML is a portable, open-source language that allows programmers to develop applications that can be read by
other applications, regardless of operating system and/or developmental language.

What is XML? The Extensible Markup Language XML is a markup language much like HTML or SGML.

This is recommended by the World Wide Web Consortium and available as an open standard.

XML is extremely useful for keeping track of small to medium amounts of data without requiring a SQL-
based backbone.

XML Parser Architectures and APIs The Python standard library provides a minimal but useful set of
interfaces to work with XML.

The two most basic and broadly used APIs to XML data are the SAX and DOM interfaces.

Simple API for XML SAX: Here, you register callbacks for events of interest and then let the parser proceed
through the document.

This is useful when your documents are large or you have memory limitations, it parses the file as it reads it
from disk and the entire file is never stored in memory.

Document Object Model DOM API: This is a World Wide Web Consortium recommendation wherein the
entire file is read into memory and stored in a hierarchical tree − based form to represent all the features of an
XML document.

SAX obviously cannot process information as fast as DOM can when working with large files. On the other
hand, using DOM exclusively can really kill your resources, especially if used on a lot of small files.
39
SAX is read-only, while DOM allows changes to the XML file. Since these two different APIs literally
complement each other, there is no reason why you cannot use them both for large projects.

Python Web Frameworks

A web framework is a code library that makes a developer's life easier when building reliable, scalable and
maintainable web applications.

Why are web frameworks useful?

Web frameworks encapsulate what developers have learned over the past twenty years while programming
sites and applications for the web. Frameworks make it easier to reuse code for common HTTP operations and
to structure projects so other developers with knowledge of the framework can quickly build and maintain the
application.

Common web framework functionality

Frameworks provide functionality in their code or through extensions to perform common operations required
to run web applications. These common operations include:

1. URL routing
2. HTML, XML, JSON, and other output format templating
3. Database manipulation
4. Security against Cross-site request forgery (CSRF) and other attacks
5. Session storage and retrieval

Not all web frameworks include code for all of the above functionality. Frameworks fall on the spectrum from
executing a single use case to providing every known web framework feature to every developer. Some
frameworks take the "batteries-included" approach where everything possible comes bundled with the
framework while others have a minimal core package that is amenable to extensions provided by other
packages.

Comparing web frameworks

There is also a repository called compare-python-web-frameworks where the same web application is being

coded with varying Python web frameworks, templating engines and object.
40
 Web framework resources

 When you are learning how to use one or more web frameworks it's helpful to have an idea of what the
code under the covers is doing.
 Frameworks is a really well-done short video that explains how to choose between web frameworks.
The author has some particular opinions about what should be in a framework. For the most part I
agree although I've found sessions and database ORMs to be a helpful part of a framework when done
well.
 What is a web framework? is an in-depth explanation of what web frameworks are and their relation to
web servers.
 Django vs Flash vs Pyramid: Choosing a Python web framework contains background information and
code comparisons for similar web applications built in these three big Python frameworks.
 This fascinating blog post takes a look at the code complexity of several Python web frameworks by
providing visualizations based on their code bases.
 Python’s web frameworks benchmarks is a test of the responsiveness of a framework with encoding an
object to JSON and returning it as a response as well as retrieving data from the database and rendering
it in a template. There were no conclusive results but the output is fun to read about nonetheless.
 What web frameworks do you use and why are they awesome? is a language agnostic Reddit
discussion on web frameworks. It's interesting to see what programmers in other languages like and
dislike about their suite of web frameworks compared to the main Python frameworks.
 This user-voted question & answer site asked "What are the best general purpose Python web
frameworks usable in production?". The votes aren't as important as the list of the many frameworks
that are available to Python developers.

Web frameworks learning checklist

1. Choose a major Python web framework (Django or Flask are recommended) and stick with it. When
you're just starting it's best to learn one framework first instead of bouncing around trying to
understand every framework.
2. Work through a detailed tutorial found within the resources links on the framework's page.
3. Study open-source examples built with your framework of choice so you can take parts of those
projects and reuse the code in your application.

41
 4. Build the first simple iteration of your web application then go to the deployment section to make it
accessible on the web.

5.4 SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault
or weakness in a work product. It provides a way to check the functionality of components, sub-assemblies,
assemblies and/or a finished product It is the process of exercising software with the intent of ensuring that the

Software system meets its requirements and user expectations and does not fail in an unacceptable manner.
There are various types of test. Each test type addresses a specific testing requirement.
TYPES OF TESTS

Unit testing

Unit testing involves the design of test cases that validate that the internal program logic is functioning
properly, and that program inputs produce valid outputs. All decision branches and internal code flow should
be validated. It is the testing of individual software units of the application .it is done after the completion of
an individual unit before integration. This is a structural testing, that relies on knowledge of its construction
and is invasive. Unit tests perform basic tests at component level and test a specific business process,
application, and/or system configuration. Unit tests ensure that each unique path of a business process
performs accurately to the documented specifications and contains clearly defined inputs and expected results.
Integration testing

Integration tests are designed to test integrated software components to determine if they actually run as one
program. Testing is event driven and is more concerned with the basic outcome of screens or fields.
Integration tests demonstrate that although the components were individually satisfaction, as shown by
successfully unit testing, the combination of components is correct and consistent. Integration testing is
specifically aimed at exposing the problems that arise from the combination of components.
Functional test

Functional tests provide systematic demonstrations that functions tested are available as specified by the
business and technical requirements, system documentation, and user manuals.

42
Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or special test
cases. In addition, systematic coverage pertaining to identify Business process flows; data fields, predefined
processes, and successive processes must be considered for testing. Before functional testing is complete,
additional tests are identified and the effective value of current tests is determined.
SYSTEM TEST

System testing ensures that the entire integrated software system meets requirements. It tests a configuration to
ensure known and predictable results. An example of system testing is the configuration-oriented system
integration test. System testing is based on process descriptions and flows, emphasizing pre-driven process
links and integration points.
White Box Testing

White Box Testing is a testing in which in which the software tester has knowledge of the inner workings,
structure and language of the software, or at least its purpose. It is purpose. It is used to test areas that cannot
be reached from a black box level.
Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner workings, structure or language
of the module being tested. Black box tests, as most other kinds of tests, must be written from a definitive
source document, such as specification or requirements document, such as specification or requirements
document. It is a testing in which the software under test is treated, as a black box .you cannot “see” into it.
The test provides inputs and responds to outputs without considering how the software works.

43
Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test phase of the software lifecycle,
although it is not uncommon for coding and unit testing to be conducted as two distinct phases.
Test strategy and approach

Field testing will be performed manually and functional tests will be written in detail.

Test objectives

 All field entries must work properly.

 Pages must be activated from the identified link.

 The entry screen, messages and responses must not be delayed.

Features to be tested

 Verify that the entries are of the correct format

 No duplicate entries should be allowed

 All links should take the user to the correct page.

Integration Testing

Software integration testing is the incremental integration testing of two or more integrated software
components on a single platform to produce failures caused by interface defects.

The task of the integration test is to check that components or software applications, e.g. components in a
software system or – one step up – software applications at the company level – interact without error.

Test Results: All the test cases mentioned above passed successfully. No defects were encountered.
Acceptance Testing

User Acceptance Testing is a critical phase of any project and requires significant participation by the end
user. It also ensures that the system meets the functional requirements.
44
Test Results: All the test cases mentioned above passed successfully. No defects encountered.

45
CHAPTER 6

CONCLUSION

46
 CHAPTER 7

FUTURE ENHANCEMENTS

47
 CHAPTER 8
REFERENCES

1. Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. Passpoints:
design and longitudinal evaluation of a graphical password system. International Journal of Human-
Computer Studies, 63:102–127, July 2005.
2. Robert Morris and Ken Thompson. Password security: a case history. Communications of the ACM,
22:594– 597, November 1979.
3. Daniel V. Klein. Foiling the Cracker: A Survey of, and Improvements to, Password Security. In
Proceedings of the 2nd USENIX UNIX Security Workshop, 1990.
4. Eugene H. Spafford. Observing reusable password choices. In Proceedings of the 3rd Security Symposium.
Usenix, pages 299–312, 1992.
5. Sigmund N. Porter. A password extension for improved human factors. Computers & Security, 1(1):54 –
56, 1982.
6. Xiaoyuan Suo, Ying Zhu, and G. Scott Owen. Graphical passwords: A survey. In Proceedings of Annual
Computer Security Applications Conference, pages 463–472, 2005.
7. Antonella De Angeli, Lynne Coventry, Graham Johnson, and Karen Renaud. Is a picture really worth a
thousand words? exploring the feasibility of graphical authentication systems. International Journal of
Human-Computer Studies, 63:128–152, July 2005.
8. Real User Corporation. The science behind passfaces, June 2004.
9. G. E. Blonder. Graphical password. U.S. Patent 5559961, Lucent Technologies, Inc. (Murray Hill, NJ),
August 1995.
10. William Stallings and Lawrie Brown. Computer Security: Principle and Practices. Pearson Education,
2008.

48
 CHAPTER 9
SAMPLE CODING

Sample code
Index.html:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Graphical Password authentication</title>

<!-- Latest compiled and minified CSS & JS -->

<link rel="stylesheet" media="screen"
href="//netdna.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">
<script src="//code.jquery.com/jquery.js"></script>
<script src="//netdna.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>

</head>
<body>
<header>
<nav class="navbar navbar-inverse" style="border-radius: 0px; padding: 0px 30px; margin:
0px;">
<a class="navbar-brand" href="#">Graphical Password authentication</a>
<ul class="nav navbar-nav navbar-right">
<li>
<a href="homesignup">signup</a>
</li>
<li>
<a href="homesignin">signin</a>
</li>
</ul>
</nav>
</header>
<section id="main" style="background-image: url(/https/www.scribd.com/static/home/img/background.jpg);
height:94vh; background-size: cover;">
<center style="padding-top:20%; color: aliceblue;">
<h1 >Graphical Password authentication</h1>
</center>
</section>
</body>
</html>

49
SCREENSHOTS

50