A systematic review of PIN-entry methods resistant to shoulder-surfing attacks

Abstract

Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of PIN-entry methods resistant to shoulder-surfing attacks so that the main challenges that impede their adoption can be provided along with opportunities for future research. A systematic search was conducted on seven databases using predefined criteria. A test–retest approach was performed by a single author to extract data. A total of 55 articles were included in this review. The review results manifest that PIN-entry methods are classified mainly into direct and indirect inputs. The user study was the standard research method, and error rate and PIN-entry time were the most frequently adopted usability measures. The review argues that a recording-based shoulder-surfing attack is a major threat to PIN-entry methods. Error rate and PIN-entry time are widely adopted criteria for usability. The review indicates that most PIN-entry methods require a high error rate and PIN-entry time than the conventional method. Moreover, the lack of a standard evaluation framework should be addressed.