Graphical passwords are often considered prone to shoulder-surfing attacks, where attackers can steal a user's password by peeking over his or her shoulder during the authentication process. In this paper, we explore shoulder-surfing defence for recall-based graphical password systems such as Draw-A-Secret and Background Draw-A-Secret, where users doodle their passwords (i.e. secrets) on a drawing grid. We propose three innovative shoulder-surfing defence techniques, and conduct two separate controlled laboratory experiments to evaluate both the security and the usability of the proposed techniques. One technique was expected to work to some extent theoretically, but it turned out to provide little protection. One technique provided the best overall shoulder-surfing defence, but also caused some usability challenges. The other technique achieved reasonable shoulder-surfing defence and good usability simultaneously, a good balance which the two other techniques did not achieve. Our results also appear to be relevant to other graphical password systems such as Pass-Go.