A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
PassPoints: design and longitudinal evaluation of a graphical password system
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Security and Usability
Spy-resistant keyboard: more secure password entry on public touch screen displays
OZCHI '05 Proceedings of the 17th Australia conference on Computer-Human Interaction: Citizens Online: Considerations for Today and the Future
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Reducing shoulder-surfing by using gaze-based password entry
Proceedings of the 3rd symposium on Usable privacy and security
Graphical passwords & qualitative spatial relations
Proceedings of the 3rd symposium on Usable privacy and security
Evaluation of eye-gaze interaction methods for security enhanced PIN-entry
OZCHI '07 Proceedings of the 19th Australasian conference on Computer-Human Interaction: Entertaining User Interfaces
Undercover: authentication usable in front of prying eyes
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Use Your Illusion: secure authentication usable anywhere
Proceedings of the 4th symposium on Usable privacy and security
Vibrapass: secure authentication based on shared lies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Look into my eyes!: can you guess my password?
Proceedings of the 5th Symposium on Usable Privacy and Security
ColorPIN: securing PIN entry through indirect input
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The haptic wheel: design & evaluation of a tactile password system
CHI '10 Extended Abstracts on Human Factors in Computing Systems
A closer look at recognition-based graphical passwords on mobile devices
Proceedings of the Sixth Symposium on Usable Privacy and Security
Usably secure, low-cost authentication for mobile banking
Proceedings of the Sixth Symposium on Usable Privacy and Security
Implicit authentication for mobile devices
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
MARASIM: a novel jigsaw based authentication scheme using tagging
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Can users remember their pictorial passwords six years later
CHI '11 Extended Abstracts on Human Factors in Computing Systems
(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers
Proceedings of the 18th ACM conference on Computer and communications security
Shoulder surfing defence for recall-based graphical passwords
Proceedings of the Seventh Symposium on Usable Privacy and Security
Evaluating the usability and security of a graphical one-time PIN system
BCS '10 Proceedings of the 24th BCS Interaction Specialist Group Conference
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
Exploring the design space of graphical passwords on smartphones
Proceedings of the Ninth Symposium on Usable Privacy and Security
| Hi-index | 0.00 |
Recognition based graphical passwords are inherently vulnerable to shoulder surfing attacks because of their visual mode of interaction. In this paper, we propose and evaluate two novel shoulder-surfing defense techniques for recognition based graphical passwords. These techniques are based on WYSWYE (Where You See is What You Enter) strategy, where the user identifies a pattern of password images within a presented grid of images and replicates it onto another grid. We conducted controlled laboratory experiments to evaluate the usability and security of the proposed techniques. Both the schemes had high login success rates with no failures in authentication. More than seventy percent of participants successfully logged on to the system in their first attempt in both the schemes. The participants were satisfied with the schemes and were willing to use it in public places. In addition, both the schemes were significantly secure against shoulder surfing than normal unprotected recognition based graphical passwords. The login efficiency improved with practice in one of the proposed scheme. We believe, WYSWYE strategy has considerable potential and can easily be extended to other types of authentication systems such as text passwords and PINS.