'Institute of Electrical and Electronics Engineers (IEEE)'
Abstract
Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording
the authentication session. Due to the visual interface, this problem has become exacerbated in graphical passwords.
There have been some graphical schemes resistant or immune
to shoulder-surfing, but they have significant usability
drawbacks, usually in the time and effort to log in. In this
paper, we propose and evaluate a new shoulder-surfing
resistant scheme which has a desirable usability for PDAs. Our inspiration comes from the drawing input method in DAS and the association mnemonics in Story for sequence retrieval. The new scheme requires users to draw a curve across their password images orderly rather than click directly on them.
The drawing input trick along with the complementary
measures, such as erasing the drawing trace, displaying
degraded images, and starting and ending with randomly
designated images provide a good resistance to shoulder-surfing.
A preliminary user study showed that users were able to enter their passwords accurately and to remember them over time
Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.