Secure user authentication on mobile phones is crucial, as they store highly sensitive information. Common approaches to authenticating a user on a mobile phone are based on entering a PIN or a password, or on drawing a pattern. However, these authentication methods are vulnerable to the shoulder surfing attack. The risk of this attack has increased since means for recording high-resolution videos have become cheap and widely accessible. If the attacker can videotape the authentication process, PINs, passwords, and patterns do not even provide the most basic level of security. In this project, we assessed the vulnerability of a magnetic gestural authentication method to the video-based shoulder surfing attack. We chose a scenario that is favourable to the attacker. In a real-world environment, we videotaped the interactions of four users performing magnetic signatures on a phone, in the presence of HD cameras from four different angles. We then recruited 22 participants and asked them to watch the videos and try to forge the signatures. The results revealed that with a certain threshold, i.e., th = 1.67, none of the forging attacks was successful, whereas at this level all eligible login attempts were successfully recognized. The qualitative feedback also indicated that users found the magnetic gestural signature authentication method to be more secure than PIN-based and 2D signature methods.