Combined Password Authentication Scheme Resistant to Shoulder Surfing Attacks

Abstract

In this paper, we propose combined password authentication scheme resistant to shoulder surfing attack. Proposed scheme improves the vulnerable part of text-based password authentication scheme about shoulder surfing. Our scheme combined existing text-based authentication factors with user behavior information as the part of the user authentication. Thus, our scheme consider the user efficiency. Because none of other devices is required as a secondary authentication method that is required in two-channel authentication scheme. In addition, our scheme offer the same level of user confirmation factor, as in two-channel authentication scheme. Furthermore, even if text-based password is exposed by shoulder surfing attack, another authentication factor-user behavior patternis not vulnerable to this attack. User behavior pattern is biometric data that reflects users own behavior. Thus, that is hard to copy as same as the original. Therefore, our scheme is shoulder surfing resistant.