A graphical password or graphical user authentication is a form of authentication using images rather than letters, digits, or special characters. The type of images used and the ways, in which users interact with them vary between implementations.
Graphical passwords frequently require the user to select images in a particular order or respond to images presented in a particular order.
See also: CAPTCHA. Another graphical password solution creates a one-time password using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password.
One system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily.
Draw-a-Secret is a type of graphical password that requires the user to draw a picture over a grid. The user must exactly remember the user-drawn gestures in order to be authenticated. A larger stroke count corresponds with an increase in security, since it is harder for an attacker to copy the strokes and the order in which they are performed.[1]
When not used in a private setting, graphical passwords are typically more susceptible than text-based passwords to "shoulder-surfing attacks", in which an attacker learns the password by watching the screen, as a user gains access.