The Repository @ St. Cloud State

Open Access Knowledge and Scholarship

Date of Award


Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.


Information Assurance and Information Systems


Herberger School of Business

First Advisor

Dennis Guster

Second Advisor

Susantha Herath

Third Advisor

Sneh Kalia

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.


To validate human users, passwords play a vital role in computer security. Graphical passwords offer more security than text-based passwords, this is due to the reason that the user replies on graphical passwords. Normal users choose regular or unforgettable passwords which can be easy to guess and are prone to Artificial Intelligence problems. Many harder to guess passwords involve more mathematical or computational complications. To counter these hard AI problems a new Captcha technology known as, Captcha as Graphical Password (CaRP), from a novel family of graphical password systems has been developed. CaRP is both a Captcha and graphical password scheme in one. CaRP mainly helps in hard AI problems and security issues like online guess attacks, relay attacks, and shoulder-surfing attacks if combined with dual view technologies. Pass-points, a new methodology from CaRP, addresses the image hotspot problem in graphical password systems which lead to weak passwords. CaRP also implements a combination of images or colors with text which generates session passwords, that helps in authentication because with session passwords every time a new password is generated and is used only once. To counter shoulder surfing, CaRP provides cheap security and usability and thus improves online security. CaRP is not a panacea; however, it gives protection and usability to some online applications for improving online security.