Text based password is most commonly used user authentication. To log on to websites, users must memorize the selected password. Password based authentication can resist brute force and dictionary attacks, if they select a stronger password but users often select weak password for their convenience and remembrance. They reuse password in different sites for simplicity, it would make the attacker to find their passwords in different sites. These are caused by the negative impact of human behavior. Typing password on untrusted computers suffers from stealing of password i.e. shoulder surfing.