Usable security has unique usability challenges because the need for security often means that standard human-computer-interaction approaches cannot be directly applied. An important usability goal for authentication systems is to support users in selecting better passwords, thus increasing security by expanding the effective password space. In click-based graphical passwords, poorly chosen passwords lead to the emergence of hotspots – portions of the image where users are more likely to select click-points, allowing attackers to mount more successful dictionary attacks.
People select predictable passwords. This occurs with both textbased and graphical passwords. Users tend to choose passwords that are memorable in some way, which unfortunately often means that the passwords tend to follow predictable patterns that are easier for attackers to exploit. While the predictability problem can be solved by disallowing user choice and assigning passwords to users, this usually leads to usability issues since users cannot easily remember such random passwords.
An authentication system should encourage strong passwords while still maintaining memorability.

Graphical passwords offer an alternative to text-based passwords that is intended to be more memorable and usable because graphical passwords rely on our ability to more accurately remember images than text . Several forms of graphical passwords have been proposed. Our proposed system allows user choice while attempting to influence users to select stronger passwords. It also makes the task of selecting a weak password (easy for attackers to predict) more tedious, in order to discourage users from making such choices. In effect, our scheme makes choosing a more secure password the “path-ofleastresistance”.
In this passwords are created by positioning a “template” over a background image so that the user’s secret areas fall within the cutout portions of the template. They found that users had difficulty remembering the position of their template and selected similar areas of the images.
We focus primarily on click-based graphical passwords. In
PassPoints passwords consist of a sequence of five clickpoints on a given image. Users may select any pixels in the image as click-points for their password. To log in, they repeat the sequence of clicks in the correct order. Each click must be within a system-defined tolerance region of the original click-point. It was found that although relatively usable, security concerns remain.
The primary security problem is hotspots: different users tend to select similar click-points as part of their passwords. Attackers who gain knowledge of these hotspots through harvesting sample passwords or through automated image processing techniques can build attack dictionaries and more successfully guess PassPoints passwords . A dictionary attack consists of using a list of potential passwords (ideally in decreasing order of likelihood) and trying each on the system in turn to see if it leads to a correct login for a given account. Attacks can target a single account, or can try guessing passwords on a large number of accounts in hopes of

breaking into any of them.
To reduce the security impact of hotspots and further improve usability, we proposed an alternative click-based graphical password scheme called Cued Click-Points .
Figure 1: A user’s navigation path through a sequence of images to form a password in CCP. Users click on one point per image and the current click-point determines the next image displayed.

Functional Requirements
 User can login to the system through the first page of the application using


CCP method.
User can change the password after logging into the system
User can see all the available service after login.
No of Modules
1.
Administrator
2.
3.
User
Authentication
4.
Registration
Modules Description
1.
Administrator:
Administrator is the owner of the project. He can add business rules to the system.
He can add Manager and gives the credentials to managers. He can change his password.
2.
User:
User can login to the system through the first page of the application using cued click point CCP. He can change the password after logging into the system. He can see the available service of his/her account.
He/she can edit his profile.
3.
Authentication:
This module provides security to the application. Every user focus primarily on clickbased graphical passwords. In PassPoints passwords consist of a sequence of five clickpoints on a given image. Users may select any pixels in the image as click-points

for their password. To log in, they repeat the sequence of clicks in the correct order.
Each click must be within a system-defined tolerance region of the original clickpoint. If you entered wrong user name and password then it prompts you “Incorrect
Username or Password…”
4.
Registration:
The system has a process of registration. Every user need to submit their complete details including user name and password in the form of CCP.
Whenever a user registration completed then only a user can get log in into the system by using his user id and CCP password.
No. of Users
 Admin
 User
Process Model
There is various software development approaches defined and designed which are used/employed during development process of software, these approaches are also referred as "Software Development Process Models".
Rapid Application Development (RAD) Model
RAD is a linear sequential software development process model that emphasis an extremely short development cycle using a component based construction approach.
If the requirements are well understood and defines, and the project scope is constraint, the RAD process enables a development team to create a fully functional system with in very short time period.
The traditional software development cycle follows a rigid sequence of steps with a formal sign-off at the completion of each. A complete, detailed requirements analysis is done that attempts to capture the system requirements in a Requirements
Specification. Users are forced to "sign-off" on the specification before development

proceeds to the next step. This is followed by a complete system design and then development and testing.
But, what if the design phase uncovers requirements that are technically unfeasible, or extremely expensive to implement? What if errors in the design are encountered during the build phase? The elapsed time between the initial analysis and testing is usually a period of several months. What if business requirements or priorities change or the users realize they overlooked critical needs during the analysis phase?
These are many of the reasons why software development projects either fail or don’t meet the user’s expectations when delivered.
RAD is a methodology for compressing the analysis, design, build, and test phases into a series of short, iterative development cycles. This has a number of distinct advantages over the traditional sequential development model.
RAD projects are typically staffed with small integrated teams comprised of developers, end users, and IT technical resources. Small teams, combined with short, iterative development cycles optimize speed, unity of vision and purpose, effective informal communication and simple project management.
Advantages and Disadvantages
RAD reduces the development time and reusability of components help to speed up development. All functions are modularized so it is easy to work with.
For large projects RAD require highly skilled engineers in the team. Both end customer and developer should be committed to complete the system in a much abbreviated time frame. If commitment is lacking RAD will fail. RAD is based on
Object Oriented approach and if it is difficult to modularize the project the RAD may not work well.
Process Architecture

The Application is a program which is organized into three major disjunctive tiers.
These tiers are
1. Presentation Tier (Frontend)
2. Logical Tier (Middleware)
3. Data Tier (Backend)
Each layer can be deployed in geographically separated computers in a network. We divide Logic Tier in to two sub tiers Business and Data Access Tiers, in order to increase scalability and transparency. The tiers can be deployed on physically separated machines. The characteristic of the tier communication is that the tiers will communicate only to their adjacent neighbors. For an example, The Presentation Tier will interact directly with the Business Tier and not directly with Data Access or Data
Tiers.
Architecture scenario
1. Presentation Tier
This Tier is responsible for communication with the users and it will use objects from Business Layer to response GUI raised events.
2.1 Logical Tier
This is the brain of the application. Some architects do not make any distinction between Business Tier and Data Access Tier. Their main argumentation is that additional tiers will screw down performance. We will have more advantages, if we separate Logical Tier in to Business Tier and
Data Access Tier. Some of these advantages are a. Increases code transparency

b. Supports changes in Data Layer. You can change or alter database without touching the Business Layer and this would be a very minimum touch up.
2.1 Business Tier
This sub tier contents classes to calculate aggregated values such like total revenue, cash flow and edit and this tier doesn’t know about any GUI controls and how to access databases. The classes of Data Access Tier will supply the needy information from the databases to this sub tier.
2.2 Data Access Tier
This tier acts as an interface to Data Tier. This tier knows how to (from which database) retrieve and store information.
3. Data Tier
This Tier is responsible for retrieving, storing and updating from Information therefore this tier can be ideally represented through a commercial database. We consider stored procedures as a part of te Data Tier. Usage of stored procedures increases the performance and code transparency of an application
Feasibility Report
The feasibility study is the important step in any software development process. This is because it makes analysis of different aspects like cost required for developing and executing the system, the time required for each phase of the system and so on. If these important factors are not analyzed then definitely it would have impact on the organization and the development and the system would be a total failure. So for running the project and the organization successfully this step is a very important step in a software development life cycle process.
The feasibility study varies based on the system that would be developed. a.
Feasibility study is made on the system being developed to analyze whether the system development process require training of personnel. This help in designing training sessions as required in later stage. b.
Is the system developed has scope for expanding or scope for switching to new technology later if needed in ease. In other study is made to find the portability of the system in future. c.
Is the cost of developing the system high or does it meet the budgeted costs.
That is a cost benefit analysis is made. In other words an analysis is made on cost feasibility of the project. This helps in identifying whether the organization would meet the budgeted costs and also helps the organization

in making earlier and effective plans for meeting extra costs because of the system development
Advantages of making Feasibility study a.
This study being made as the initial step of software development life cycle has all the analysis part in it which helps in analyzing the system requirements completely. b.
Helps in identifying the risk factors involved in developing and deploying the system c.
The feasibility study helps in planning for risk analysis d.
Feasibility study helps in making cost/benefit analysis which helps the organization and system to run efficiently. e.
Feasibility study helps in making plans for training developers for implementing the system.
In project development and feasibility studies stage of the SDLC, software engineers and developers should be able to:
Estimate Investment and Reward on the Project
In project planning, the investment on a certain project has to be revealed.
This will be the backbone of every project. For one, investment will dictate how much the company will spend to create certain software. This is even truer for companies that usually hire project based developers. Investment will dictate how many people will be working for the project. Aside from investment, project planning and feasibility studies should show how much the company will earn once the project is created. If it’s just a tool for businesses, it should show how it can increase the productivity of the employees and its actual impact in financial sense.
Analyze Feasibility
Researchers or proponents of the software will actually show why the software is needed in the actual business sense. Statistical data will always play a crucial role in proving why the particular software is good for public use. Most of the time, researchers will be interviewing individuals in order to get their opinion if they will use if that software is available in the market. It will also take a look at the possible competition and how will the software be different compared to other companies.

Outline Technical Needs
In project planning, developers should be able to come up with the possible technical needs of the software. These are very important since without them, software development is nearly impossible. Within the realms of the budget, developers should get the best devices to help them in project development.