Today user authentication stands out as one of the most essential areas in information security which has several ways of being implemented. From time in memorial authentication schemes that apply strong text-based passwords have been typically expected to offer some assurance of security. But committing to memory such strong passwords can prove to be quite a daunting task thus forcing users to resort to writing them down on pieces of papers or even storing them onto a computer file. As a means of thwarting such habits, graphical authentication has been proposed as a replacement for text-based authentication. This has been spurred by the fact the humans have a natural inclination to remember images more easily than text. Most Information Communication and Telecommunication (ICT) environments in the last 20 years have tried to implement graphical user authentication schemes. The effectiveness of a graphical password is measured by its level of usability and security. Despite there being many existing algorithms most have failed to achieve both aspects simultaneously. To start with this paper reviews the pure and cued recall-based algorithms graphical password authentication schemes together with their shortcomings and probable attacks. Thereafter a comparative analysis of all Recall-Based algorithms based on attack patterns of graphical user authentication is tabulated. This is then followed by a discussion on the newly proposed algorithm that is based on a multi size grid and its evaluation by an attacker team. Finally, a comparison of the newly proposed algorithm and previous algorithms will be evaluated in a table.

Key words: Recall-based GUA, pure recall-based algorithm, cued recall-based algorithm, graphical password, usability, security, attack patterns.