Authentication is the first step in information security. It requires the user to memorize their password and remember at login time. Textual passwords are the most traditional schemes that are used for providing security, but textual passwords are vulnerable to dictionary attacks, shoulder surfing and spyware. Graphical password schemes overcome the shortcomings of textual passwords, but they were vulnerable to shoulder surfing attacks. Since conventional password schemes are vulnerable to shoulder surfing, many shoulder surfing resistant graphical password schemes have been proposed.