Alphanumeric text and PINs continue to be the dominant authentication methods in spite of the numerous concerns by security researchers of their inability to properly address usability and security flaws and to effectively combine usability and security. These flaws have, however, contributed to the growing research interest in the development and use of graphical authentication systems as alternatives to text based systems. Graphical passwords or graphical authentication systems are password systems that use images rather than characters or numbers in user authentication. In spite of the growing acceptance of graphical passwords, empirical studies have shown that graphical authentication systems have also inherited some of the flaws of text-based passwords. These flaws include predictability, vulnerability to observational attacks and the inability of systems to efficiently combine security with usability. Hence, there is a continued quest to find a "system" that has both strong usability and strong security. This paper is a detailed review of the current state of research into graphical authentication systems. The paper considers in detail some of the mechanisms used in graphical authentication, along with the flaws and strengths of each. The paper also concludes with some suggested ways forward.