Shoulder surfing (computer security)

In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Unauthorized users watch the keystrokes entered on a device or listen to sensitive information being spoken, which is also known as eavesdropping.

Methods and history

This attack can be performed either at close range (by directly looking over the victim's shoulder) or from a longer range with, for example, a pair of binoculars or similar hardware. Attackers do not need any technical skills in order to perform this method; keen observation of the victim's surroundings and typing pattern is sufficient. In the early 1980s, shoulder surfing was practiced near public pay phones to steal calling card digits and make long-distance calls, or to sell the digits for less than the original purchaser paid. However, the advent of modern technologies such as hidden cameras and concealed microphones makes shoulder surfing easier and gives the attacker more scope to perform long-range shoulder surfing. A hidden camera allows the attacker to capture the whole login process and other confidential data of the victim, which ultimately could lead to financial loss or identity theft. Shoulder surfing is more likely to occur in crowded places because it is easier to observe the information without attracting the victim's attention. There are two types of shoulder-surfing attack: direct observation attacks, in which authentication information is obtained by a person who is directly monitoring the authentication sequence, and recording attacks, in which the authentication information is obtained by recording the authentication sequence for later analysis to open the device. Apart from threats to password or PIN entry, shoulder surfing also occurs in daily situations to uncover private content on handheld mobile devices; shoulder surfing of visual content was found to leak sensitive information of the user and even private information about third parties.

Countermeasures

Gaze-based password entry

The basic procedure for gaze-based password entry is similar to normal password entry, except that in place of typing a key or touching the screen, the user looks at each desired character or trigger region in sequence (the same as eye typing). The approach can therefore be used both with character-based passwords, by using an on-screen keyboard, and with graphical password schemes (see the survey by Suo and Zhu). A variety of considerations is important for ensuring usability and security. Eye-tracking technology has progressed significantly since its origins in the early 1900s. State of the art eye trackers offer non-encumbering, remote, video-based eye tracking with an accuracy of 1° of visual angle. Eye trackers are a specialized application of computer vision. A camera is used to monitor the user's eyes. One or more infrared light sources illuminate the user's face and produce a glint – a reflection of the light source on the cornea. As the user looks in different directions the pupil moves, but the location of the glint on the cornea remains fixed. The relative motion and position of the center of the pupil and the glint are used to estimate the gaze vector, which is then mapped to coordinates on the screen plane.

Researchers have proposed ways to counter shoulder surfing on mobile devices by leveraging the front-facing camera for gaze-based password entry. For example, GazeTouchPIN and GazeTouchPass combine gaze input, in the form of eye movements to the left or right, with touch input by tapping on-screen buttons. These methods are more secure than traditional touch-based input (e.g., PINs and lock patterns) because they require shoulder surfers to (1) observe the user's eyes, (2) observe the user's touch input, and (3) combine the two observations.
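The pipeline described above (pupil-glint vector, calibration to screen coordinates, dwell on an on-screen key) as a runnable simulation. This is an added example, not code from the page or from the GazeTouchPIN/GazeTouchPass projects; the tracker geometry, the keypad layout, the calibration targets and the gaze samples are all constructed here for illustration.

```python
"""Gaze-based PIN entry on a simulated eye tracker; added example, standard library only."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

Vec = Tuple[float, float]
KEY_SIZE = 100.0                        # hypothetical keypad: 3 x 4 keys of 100 px
KEYPAD = ["123", "456", "789", "*0#"]

def pupil_glint_vector(pupil: Vec, glint: Vec) -> Vec:
    """The corneal glint stays put while the pupil moves, so pupil minus glint
    follows gaze direction and is insensitive to small head shifts."""
    return (pupil[0] - glint[0], pupil[1] - glint[1])

def _solve3(a: List[List[float]], b: List[float]) -> List[float]:
    """Gauss-Jordan elimination with partial pivoting for a 3x3 system."""
    m = [row[:] + [rhs] for row, rhs in zip(a, b)]
    for col in range(3):
        piv = max(range(col, 3), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(3):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [m[i][3] / m[i][i] for i in range(3)]

@dataclass
class Calibration:
    """Affine map (dx, dy) -> screen: sx = ax*dx + bx*dy + cx, and the same form for sy."""
    coef_x: List[float]
    coef_y: List[float]

    @classmethod
    def fit(cls, samples: Sequence[Tuple[Vec, Vec]]) -> "Calibration":
        """Least squares over (pupil-glint vector, known target) pairs; needs
        at least three non-collinear calibration targets."""
        ata = [[0.0] * 3 for _ in range(3)]
        atx, aty = [0.0] * 3, [0.0] * 3
        for (dx, dy), (sx, sy) in samples:
            row = (dx, dy, 1.0)
            for i in range(3):
                for j in range(3):
                    ata[i][j] += row[i] * row[j]
                atx[i] += row[i] * sx
                aty[i] += row[i] * sy
        return cls(_solve3(ata, atx), _solve3(ata, aty))

    def to_screen(self, d: Vec) -> Vec:
        (ax, bx, cx), (ay, by, cy) = self.coef_x, self.coef_y
        return (ax * d[0] + bx * d[1] + cx, ay * d[0] + by * d[1] + cy)

def key_at(point: Vec) -> Optional[str]:
    """Keypad key under a screen point, or None when gaze is off the keypad."""
    col, row = int(point[0] // KEY_SIZE), int(point[1] // KEY_SIZE)
    if 0 <= row < len(KEYPAD) and 0 <= col < len(KEYPAD[row]):
        return KEYPAD[row][col]
    return None

def decode_pin(cal: Calibration, samples: Sequence[Tuple[float, Vec, Vec]],
               dwell_ms: float = 300.0) -> str:
    """Turn timestamped (t_ms, pupil, glint) samples into the digits entered.
    A key fires after dwell_ms of continuous gaze and re-arms only when the
    gaze leaves it, so one long stare cannot enter a digit twice."""
    pin, current, since, fired = [], None, 0.0, False
    for t, pupil, glint in samples:
        key = key_at(cal.to_screen(pupil_glint_vector(pupil, glint)))
        if key != current:
            current, since, fired = key, t, False
        elif key is not None and not fired and t - since >= dwell_ms:
            pin.append(key)
            fired = True
    return "".join(pin)

# Constructed tracker whose true geometry the code above must recover by calibration.
_SCALE, _OFFSET, _GLINT = 20.0, (150.0, 200.0), (320.0, 240.0)
CALIBRATION_TARGETS = [(50.0, 50.0), (250.0, 50.0), (50.0, 350.0), (250.0, 350.0)]

def simulate_eye(target: Vec) -> Tuple[Vec, Vec]:
    """Camera-space (pupil, glint) positions for a gaze at screen point target."""
    dx, dy = (target[0] - _OFFSET[0]) / _SCALE, (target[1] - _OFFSET[1]) / _SCALE
    return ((_GLINT[0] + dx, _GLINT[1] + dy), _GLINT)

def key_center(digit: str) -> Vec:
    row = next(r for r, keys in enumerate(KEYPAD) if digit in keys)
    col = KEYPAD[row].index(digit)
    return (col * KEY_SIZE + KEY_SIZE / 2, row * KEY_SIZE + KEY_SIZE / 2)

def simulate_entry(pin: str, period_ms: float = 50.0) -> List[Tuple[float, Vec, Vec]]:
    """Fixate each digit for 400 ms, then glance below the keypad for 100 ms."""
    samples, t = [], 0.0
    for digit in pin:
        for target, duration in ((key_center(digit), 400.0), ((150.0, 450.0), 100.0)):
            pupil, glint = simulate_eye(target)
            for _ in range(int(duration / period_ms)):
                samples.append((t, pupil, glint))
                t += period_ms
    return samples

def calibrate() -> Calibration:
    return Calibration.fit([(pupil_glint_vector(*simulate_eye(p)), p) for p in CALIBRATION_TARGETS])
```

Running decode_pin(calibrate(), simulate_entry("4810")) yields "4810". Note what the decoder needs: the camera stream, the keypad layout and a calibration. A direct observer sees only small eye movements, which is the gain the section describes, but a recording attack that captures the face at similar resolution can feed the same pipeline, so gaze entry on its own addresses the first of the two attack types from the Methods section better than the second.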
Painting album mechanism

The painting album mechanism is an anti-shoulder surfing mechanism which has characteristics of both recall and recognition graphical techniques. Rather than using a regular PIN or password involving alphanumeric characters, users select a sequence of colors or pictures to unlock the system. The order of the colors and pictures selected during the sign-in process has to match the order at registration. This anti-shoulder surfing security method was developed based on survey results of users' affinity of choices, and through observation of the way children paint pictures. The outcome was three input schemes named Swipe Scheme, Colour Scheme, and Scot Scheme:

Swipe Scheme: swipe the pictures.
Colour Scheme: touch the picture, then select the colored boxes.
Scot Scheme: swipe the picture, touch the pictures and select the colored boxes, all at the same time.

Swipe Scheme is implemented in Microsoft Windows 8, and in later versions it is known as Picture Password; however, it has drawn criticism for requiring the user to choose a secure enough gesture.

Secret tap method

The secret tap method is a technique for accessing sensitive information with a low risk of shoulder surfing: it does not expose the authentication information during entry, even if other individuals try to view the input process. Camera recordings pose an additional threat. Therefore, it is necessary to make the authentication process more complex in order to prevent authentication information from being stolen. For example, smartphones use biometrics such as fingerprint scanning or facial recognition, which cannot be replicated by a shoulder surfer. The secret tap authentication method can use icons or some other form of system. The goals of a secret tap system are:

Covert observation resistance: maintain the resistance strength at a level that prevents the authentication information from being revealed to other individuals, even if the authentication operation is performed numerous times.
Recording attack resistance: maintain the resistance strength at a level that prevents the authentication information from being analyzed by other individuals, even if the authentication operation is fully recorded.
Brute-force attack resistance: maintain the resistance strength at a level that prevents the authentication process from being broken more easily than by a brute-force attack on a four-digit PIN. This policy follows the standard put forth in ISO 9564-1.
Usability: maintain a level of usability that permits operators to perform the authentication operation with ease.

Comparison of risks between alphanumeric and graphical passwords

The primary benefit of graphical passwords compared to alphanumeric passwords is improved memorability. However, the potential detriment of this advantage is the increased risk of shoulder surfing. Graphical passwords that use graphics or pictures, such as PassFaces, Jiminy, VIP and Passpoints, or a combination of graphics and audio such as AVAP, are likely all subject to this increased risk unless it is somehow mitigated in implementation. The results of that comparison indicate that both alphanumeric and graphical password-based authentication mechanisms may have a significant vulnerability to shoulder surfing unless certain precautions are taken. Despite the common belief that non-dictionary passwords are the most secure type of password-based authentication, the results demonstrate that they are, in fact, the configuration most vulnerable to shoulder surfing.

PIN entry

A personal identification number (or PIN for short) is used to authenticate oneself in various situations, such as withdrawing or depositing money at an automatic teller machine, or unlocking a phone, a door, a laptop or a PDA. Though this method of authentication is a two step verification process in some situations, it is vulnerable to shoulder surfing attacks. An attacker can obtain the PIN either by directly looking over the victim's shoulder or by recording the whole login process. On items such as mobile phones with glass, glossy screens, the user could leave smudges on the screen, revealing a PIN. Some highly advanced attacks use thermal cameras to see the thermal signature of the PIN entered. Thermal attacks take advantage of heat fingerprints remaining on keys after the authenticating person has finished entering the secret. So, various shoulder surfing resistant PIN entry methodologies are used to make the authentication process secure. Examples include PIN pads with built-in privacy shields. Another example, used in ATMs and some entry systems, is the use of metal PIN pads, which makes thermal camera attacks nearly impossible due to their material, shielding, reflectivity or internal heating. Transferring heat by wiping the keys with warm objects or hands was found effective in experiments as a countermeasure to thermal attacks.

Countermeasure testing

The cognitive trapdoor game involves three parties: a machine verifier, a human prover, and a human observer. The human prover has to input the PIN by answering the questions posed by the machine verifier, while the observer attempts to shoulder surf the PIN. As the countermeasures are by design harder to usurp, it is not easy for the observer to remember the whole login process unless the observer has a recording device.

Virtual reality

A user could wear a virtual reality headset to mitigate the issues of shoulder surfing; however, gesture controls, buttons pressed, and voice commands could still be attacked.
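The cognitive trapdoor game from the Countermeasure testing section, with the secret tap goals (covert observation resistance, recording attack resistance, brute-force attack resistance) checked against it. This is an added example, not code from the page or from Roth and Richter's paper; the concrete game (each round the verifier colours five of the ten digits black and the prover only names the colour of their digit) is an assumed design in the spirit of that scheme, and the PINs and seeds are constructed.

```python
"""Cognitive-trapdoor PIN entry game: machine verifier, human prover, observer (added example)."""
import random
from typing import Callable, FrozenSet, List, Set, Tuple

DIGITS = "0123456789"
Challenge = FrozenSet[str]                        # digits shown in black this round
Transcript = List[List[Tuple[Challenge, str]]]    # per PIN position: (challenge, answer)

def random_challenge(rng: random.Random) -> Challenge:
    """Colour a random half of the digits black; the other half is white."""
    return frozenset(rng.sample(DIGITS, 5))

def bit_code_schedule() -> List[Challenge]:
    """Deterministic 4-round schedule: round i shows in black the digits whose
    i-th binary bit is set, so the four answers spell out the digit exactly."""
    return [frozenset(d for d in DIGITS if (int(d) >> i) & 1) for i in range(4)]

def colour_of(digit: str, challenge: Challenge) -> str:
    return "black" if digit in challenge else "white"

class Prover:
    """The human who knows the PIN and only ever reveals a colour per round."""
    def __init__(self, pin: str):
        self._pin = pin

    def answer(self, position: int, challenge: Challenge) -> str:
        return colour_of(self._pin[position], challenge)

class Verifier:
    """Holds the registered PIN, poses challenges and checks each answer."""
    def __init__(self, pin: str, rounds_per_digit: int,
                 next_challenge: Callable[[int, int], Challenge]):
        self._pin, self.rounds_per_digit = pin, rounds_per_digit
        self._next_challenge = next_challenge     # (position, round) -> challenge

    def run(self, prover: Prover) -> Tuple[bool, Transcript]:
        """Run a whole login; the transcript is exactly what appeared on screen."""
        accepted, transcript = True, []
        for position in range(len(self._pin)):
            rounds = []
            for r in range(self.rounds_per_digit):
                challenge = self._next_challenge(position, r)
                answer = prover.answer(position, challenge)
                accepted &= answer == colour_of(self._pin[position], challenge)
                rounds.append((challenge, answer))
            transcript.append(rounds)
        return accepted, transcript

def recording_attack(transcript: Transcript) -> List[Set[str]]:
    """An observer with a full recording intersects the candidate set per position;
    each consistent round roughly halves it, which is the recording-attack risk."""
    result = []
    for rounds in transcript:
        candidates = set(DIGITS)
        for challenge, answer in rounds:
            candidates &= (set(challenge) if answer == "black" else set(DIGITS) - challenge)
        result.append(candidates)
    return result

def direct_observation_attack(transcript: Transcript) -> List[Set[str]]:
    """An observer who only catches the answered colours, not the colourings on
    screen, cannot narrow anything: every digit stays a candidate."""
    return [set(DIGITS) for _ in transcript]

def random_session(pin: str, entered: str, seed: int, rounds_per_digit: int = 4):
    """One login with random colourings, seeded so the run is reproducible."""
    rng = random.Random(seed)
    verifier = Verifier(pin, rounds_per_digit, lambda pos, r: random_challenge(rng))
    return verifier.run(Prover(entered))

def guess_success_probability(rounds_per_digit: int, pin_length: int) -> float:
    """Chance that someone who does not know the PIN passes by answering at random."""
    return 0.5 ** (rounds_per_digit * pin_length)

def min_rounds_per_digit(pin_length: int = 4) -> int:
    """Smallest k such that random answering is no easier than brute-forcing a
    decimal PIN of the same length (the ISO 9564-1 style policy on the page)."""
    k = 1
    while guess_success_probability(k, pin_length) > 10.0 ** -pin_length:
        k += 1
    return k
```

Two things fall out of running it. With four rounds per digit, a random guesser passes with probability 2^-16, below the 10^-4 of a brute-force attempt on a four-digit PIN, so the brute-force goal is met; fewer rounds are not enough. The transcript, however, is fully sufficient for recording_attack to recover every digit, which is exactly why the section says the observer gets nowhere unless they have a recording device: the game defends against direct observation, not against a camera.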
See also

Credit card fraud
Information diving
Phishing
Social engineering (security)

References

Long, Johnny (2008). "Shoulder surfing". No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing. Burlington, MA: Syngress. pp. 27–60.
Goucher, Wendy (November 2011). "Look behind you: The dangers of shoulder surfing". Computer Fraud & Security. 2011 (11): 17–20. doi:10.1016/s1361-3723(11)70116-6.
Eiband, Malin; Khamis, Mohamed; von Zezschwitz, Emanuel; Hussmann, Heinrich; Alt, Florian (May 2017). "Understanding Shoulder Surfing in the Wild: Stories from Users and Observers". Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. pp. 4254–4265. doi:10.1145/3025453.3025636. ISBN 9781450346559. S2CID 11454671. Retrieved May 3, 2018.
Kee, Jared (April 28, 2008). "Social Engineering: Manipulating the Source". SANS Institute InfoSec Reading Room. Retrieved October 24, 2016.
"What Is Shoulder Surfing?". www.experian.com. 2018-04-30. Retrieved 2020-02-23.
"Shoulder surfing - definition of shoulder surfing in ... (n.d.)". Archived from the original on December 20, 2016. Retrieved October 21, 2016.
Suo, X. and Zhu, Y. (2005). "Graphical Passwords: A Survey". Proceedings of the Annual Computer Security Applications Conference. Tucson, Arizona, USA.
Jacob, R. J. K. and Karn, K. S. (2003). "Eye Tracking in Human-Computer Interaction and Usability Research: Ready to Deliver the Promises". In Hyönä, J.; Radach, R.; Deubel, H. (eds.). The Mind's Eye: Cognitive and Applied Aspects of Eye Movement Research. Amsterdam: Elsevier Science. pp. 573–605.
Khamis, M. et al. (2017). "GazeTouchPIN: Protecting Sensitive Data on Mobile Devices using Secure Multimodal Authentication". Proceedings of the 19th ACM International Conference on Multimodal Interaction (ICMI 2017). http://www.mkhamis.com/data/papers/khamis2017icmi.pdf
Khamis, M. et al. (2016). "GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices". Proceedings of the 34th Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems (CHI 2016 EA). http://www.mkhamis.com/data/papers/khamis2016chi.pdf
Seng, Lim Kah; Ithnin, Norafida; Mammi, Hazinah Kutty (2012). "An Anti-Shoulder Surfing Mechanism and its Memorability Test". International Journal of Security and Its Applications. 6 (4): 87–96.
Seng, L. K.; Ithnin, N.; Mammi, H. K. (2011). "User's Affinity of Choice: Features of Mobile Device Graphical Password Scheme's Anti-Shoulder Surfing Mechanism". International Journal of Computer Science Issues. 2 (8). https://www.researchgate.net/publication/266183490
Spector, Lincoln (2016-03-14). "Windows 10 picture password: Draw your own conclusions about its safety". PCWorld. Retrieved 2020-02-23.
Thomas, R. C.; Karahasanovic, A.; Kennedy, G. E. (2005). "An Investigation into Keystroke Latency Metrics as an Indicator of Programming Performance". Presented at the Australasian Computing Education Conference 2005, Newcastle, Australia.
"Smudge attacks on smartphone touch screens". Proceedings of the 4th USENIX Conference on Offensive Technologies. dl.acm.org. Retrieved 2020-07-25.
"Thermal-imaging devices can steal your PINs and passcodes". www.consumeraffairs.com. 2014-09-02. Retrieved 2020-07-25.
Fritsch, Lothar; Mecaliff, Marie; Opdal, Kathinka W.; Rundgreen, Mathias; Sachse, Toril (2022). "Towards robustness of keyboard-entered authentication factors with thermal wiping against thermographic attacks". Gesellschaft für Informatik e.V. ISBN 978-3-88579-719-7.
"Stealing ATM PINs with thermal cameras". Naked Security. 2011-08-17. Retrieved 2020-07-25.
Roth, V.; Richter, K. (2006). "How to fend off shoulder surfing". Journal of Banking & Finance. 30 (6): 1727–1751. doi:10.1016/j.jbankfin.2005.09.010.
Lee, M. (April 2014). "Security Notions and Advanced Method for Human Shoulder-Surfing Resistant PIN-Entry". IEEE Transactions on Information Forensics and Security. 9 (4): 695–708. doi:10.1109/tifs.2014.2307671.
Abdrabou, Yasmeen; et al. (June 6–10, 2022). "Understanding Shoulder Surfer Behavior and Attack Patterns Using Virtual Reality" (PDF). Proceedings of the 2022 International Conference on Advanced Visual Interfaces (AVI 2022), Frascati, Rome, Italy.