
A new graphical password scheme resistant to shoulder-surfing

By Gao Haichang, Ren Zhongjie, Chang Xiuling, Liu Xiyang and Uwe Aickelin


Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording the authentication session. Due to the visual interface, this problem has become exacerbated in graphical passwords. There have been some graphical schemes resistant or immune to shoulder-surfing, but they have significant usability drawbacks, usually in the time and effort to log in. In this paper, we propose and evaluate a new shoulder-surfing resistant scheme which has desirable usability for PDAs. Our inspiration comes from the drawing input method in DAS and the association mnemonics in Story for sequence retrieval. The new scheme requires users to draw a curve across their password images in order rather than click directly on them. The drawing input trick, along with complementary measures such as erasing the drawing trace, displaying degraded images, and starting and ending with randomly designated images, provides good resistance to shoulder-surfing. A preliminary user study showed that users were able to enter their passwords accurately and to remember them over time.

Publisher: Institute of Electrical and Electronics Engineers
Provided by: Nottingham ePrints
