Security in data communication is a very important concern today. Cloud computing is a revolutionary mechanism that changing way to enterprise hardware and software design and procurements. Because of cloud simplicity everyone is moving data and application software to cloud data centre. The Cloud service provider (CSP) should ensure integrity, availability, privacy and confidentiality but CSP is not providing reliable data services to customer and to stored customer data. Securely sending and receiving data in the above area is an important as the data is crucial. In today’s world the password security is very important. If the confidentiality of the information of very high value, it should be protected. If you want to stop the unauthorised disclosure or alteration of the information, secure it. Unauthorised persons access should be controlled and security for the files in the cloud should be provided. The main focus of this paper is to combine the graphical password technique for login security and cryptography for file security, thereby providing the user with highly secured file securing system.Cryptography is a technique which is used to protect the important data. Encryption is the science of changing data so that it is unrecognisable and useless to an unauthorised person. Decryption is changing it back to its original form. For password protection various techniques are available. Cued Click Points are a click-based graphical password scheme, a cued-recall graphical password technique. Cryptography and graphical password technique are well known and widely used techniques that manipulate information (messages) in order to cipher or hide their existence respectively. Cryptography scrambles a message so it cannot be understood. In this paper we will focus to develop one system, which uses both cryptography and graphical password technique for better confidentiality and security. Presently we have very secure methods for both cryptography and graphical password authentication – AES algorithm is a very secure technique for cryptography and Cued Click Points (CCP) is a proposed click-based graphical password scheme for graphical password authentication. Even if we combine these techniques straight forwardly, there is a chance that the intruder may detect the original message. Therefore, our idea is to apply both of them together with more security levels and to get a very highly secured system for data hiding. This paper mainly focuses on to develop a new system with extra security features where a meaningful piece of text message can be hidden by combining security techniques like Cryptography and graphical password authentication.Authentication is the process of determining whether a user should be allowed to access to a particular system or resource. User can’t remember strong password easily and the passwords that can be remembered are easy to guess. A password authentication system should encourage strong and less predictable passwords while maintaining security. This password authentication system allows user choice while influencing users towards stronger passwords. The task of selecting weak passwords (which are easy for attackers to guess) is more tedious, avoids users from making such choices. In effect, this authentication schemes makes choosing a more secure password the path-of-least-resistance. Rather than increasing the burden on users, it is easier to follow the system’s suggestions for a secure password — a feature absent in most schemes.Various graphical password schemes have been proposed as alternatives to text-based passwords. Research has shown that text-based passwords are filled with both usability and security problems that make them less desirable solutions. Studies revealed that the human brain is better at recognizing and recalling images than text. Graphical passwords are meant to capitalize on this human characteristic in hopes that by reducing the memory burden on users, coupled with a larger full password space offered by images, more secure passwords can be produced and users will not resort to unsafe practices in order to cope.Graphical passwords may offer better security than text-based passwords because most of the people, in an attempt to memorize text-based passwords, use plain words (rather than the jumble of characters). A dictionary search can hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selected images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random.Cued Click Points (CCP) is a graphical password scheme. In CCP, users click one point on each image rather than on four points on one image. It offers cued-recall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point. It also makes attacks based on hotspot analysis more challenging.The Cued Click-Point method is very usable and provides great security using hotspot technique. By taking advantage of user’s ability to recognize images and the memory trigger associated with seeing a new image. Cued Click Point is more secure than the previous graphical authentication method such as Pass Point Graphical Password. CCP increases the workload for attackers by forcing them to first acquire image sets for each user, and then analyze for hotspot on each of these images. Cued Click-Points method has advantages over other password schemes in terms of usability, security and memorable authentication mechanism.The system designed consists of three modules: user registration module, picture selection module and system login module.In user registration module user enters the user name in user name. When user entered the all user details in registration phase, this user registration data is stored in data base and used during login phase for verification. In picture selection phase the pictures are selected by the user from the database of the password system. In picture selection phase user select any image as passwords and consist of a sequence of four click-points on a given image. Users may select any pixels in the image as click-points for their password. Users must select a click-point in the image and proceed on the next image. During system login process, images are displayed normally, without shading or the viewport, and repeat the sequence of clicks in the correct order, within a system-defined tolerance square of the original click-points.The cloud computing does not provide control over the stored data in cloud data centers. The cloud service providers have full of control over the data, they can perform any malicious tasks such as copy, destroying, modifying, etc. The cloud computing ensures certain level of control over the virtual machines. Due to this lack of control over the data leads in greater security issues than the generic cloud computing model.The only encryption doesn’t give full control over the stored data but it gives somewhat better than plain data.IDENTITY MANAGEMENT AND ACCESS CONTROL The integrity and confidentiality of data and services are related with access control and identity management. It is important to maintain track record for user identity for avoiding unauthorized access to the stored data. The identity and access controls are complex in cloud computing because of that data owner and stored data are at different executive platforms. In cloud environment, different organizations use variety of authentication authorization agenda. By using different approaches for authentication and authorization gives a compound situation over a period of time. The cloud resources are dynamic and are elastic for cloud user and IP addresses are continuously changed when services are started or restarted in pay per usage model. That allows the cloud users to join and leave feature to cloud resources when they required i.e., on-demand access policy. All these features need efficient and effective access control and identity management. The cloud has to maintain quickly updating and managing identity management for joining and leaving users over cloud resources. There are many issues in access control and identity management, for example weak credentials may reset easily, denial of service attack to lock the account for a period of time, Weak logging and monitoring abilities, and XML wrapping attacks on web pages.An insider threat can be posed by employees, contractors and /or third party business partners of an organization. In cloud environment i.e., at Cloud Service Provider (CSP) side attacks leads to loss of user’s information integrity, confidentiality, and security. This leads to information loss or breaches at both environments. This attack is precious and it is well known to most of the organization 7.There is variety of attack patterns performed by insiders because of sophistication about internal structure of an organization data storage structure. Most organizations ignoring this attack because it is very hard to defend and impossible to find the complete solution for this attack. This attack ensures great risk in terms of data breaches and loss confidentiality at both organization and cloud level.Attacks that come from external origins are called outsider attacks. Data security is one of the important issue in cloud computing. Since service providers does not have permission for access to the physical security system of data centre. But they must depend on the infrastructure provider to get full data security. In a virtual private cloud environment, the service provider can only specify the security setting remotely, and we don’t know exactly those are fully implemented. In this Process, the infrastructure provider must reach the following objectives: confidentiality, for secure data transfer and access, and audit ability. So that outside intruders can’t access sensitive data which is stored in cloud.