Virtual Keyboard authentication has helped users to protect their
username and passwords from being captured by key loggers,
spyware and malicious bots. However Virtual Keyboard still
suffers from numerous other fallacies that an attacker can take
advantage of. These include click based screenshot capturing,
over the shoulder spoofing and co-ordinate position noting. To
overcome these drawbacks, we have designed a virtual keyboard
that is generated dynamically each time the user access the web
site. Also after each click event of the user the arrangement of the
keys of the virtual keyboard are shuffled. The position of the keys
is hidden so that a user standing behind may not be able to see the
pressed key. Our proposed approach makes the usage of virtual
keyboard even more secure for users and makes it tougher for
malware programs to capture authentication details.