Design and evaluation of a shoulder-surfing resistant graphical password scheme

Susan Wiedenbeck, Jim Waters, Leonardo Sobrado, Jean Camille Birget

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

238 Scopus citations

Abstract

When users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individual's authentication session. This is referred to as shoulder-surfing and is a known risk, of special concern when authenticating in public places. Until recently, the only defense against shoulder-surfing has been vigilance on the part of the user. This paper reports on the design and evaluation of a game-like graphical method of authentication that is resistant to shoulder-surfing. The Convex Hull Click (CHC) scheme allows a user to prove knowledge of the graphical password safely in an insecure location because users never have to click directly on their password images. Usability testing of the CHC scheme showed that novice users were able to enter their graphical password accurately and to remember it over time. However, the protection against shoulder-surfing comes at the price of longer time to carry out the authentication.

Original language: English (US)
Title of host publication: Proceedings of the AVI '06 - Working Conference on Advanced Visual Interfaces 2006
Pages: 177-184
Number of pages: 8
State: Published - 2006
Event: AVI '06 - Working Conference on Advanced Visual Interfaces 2006 - Venezia, Italy
Duration: May 23 2006 to May 26 2006

Publication series

Name: Proceedings of the Workshop on Advanced Visual Interfaces
Volume: 2006

Other

Other: AVI '06 - Working Conference on Advanced Visual Interfaces 2006
Country/Territory: Italy
City: Venezia
Period: 5/23/06 to 5/26/06

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Keywords

  • Authentication
  • Convex hull click scheme
  • Graphical passwords
  • Password security
  • Shoulder-surfing
  • Usable security
