Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording\ud the authentication session. Due to the visual interface, this problem has become exacerbated in graphical passwords.\ud There have been some graphical schemes resistant or immune\ud to shoulder-surfing, but they have significant usability\ud drawbacks, usually in the time and effort to log in. In this\ud paper, we propose and evaluate a new shoulder-surfing\ud resistant scheme which has a desirable usability for PDAs. Our inspiration comes from the drawing input method in DAS and the association mnemonics in Story for sequence retrieval. The new scheme requires users to draw a curve across their password images orderly rather than click directly on them.\ud The drawing input trick along with the complementary\ud measures, such as erasing the drawing trace, displaying\ud degraded images, and starting and ending with randomly\ud designated images provide a good resistance to shoulder-surfing.\ud A preliminary user study showed that users were able to enter their passwords accurately and to remember them over time
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.