Shoulder Surfing attack in graphical password authentication

Information and computer security relies largely on passwords, which are the principal part of the authentication process. The most common computer authentication method is an alphanumeric username and password, which has significant drawbacks. To overcome the vulnerabilities of traditional methods, visual or graphical password schemes have been developed as possible alternatives to text-based schemes. A potential drawback of graphical password schemes is that they are more vulnerable to shoulder surfing than conventional alphanumeric text passwords. When users enter their passwords in a public place, they may be at risk of attackers stealing them. An attacker can capture a password by direct observation or by recording the individual's authentication session. This is referred to as shoulder-surfing and is a known risk, of special concern when authenticating in public places. In this paper we present a survey of graphical password schemes from 2005 till 2009 that were proposed to be resistant to shoulder-surfing attacks.
