Abstract
Graphical passwords are vulnerable to shoulder surfing attacks as the images are easier to remember than the text. Thus, existing graphical password schemes incorporate an anti-shoulder surfing mechanism, to ensure the graphical password is secure from shoulder surfing attacks. Unfortunately, the literature review has shown that most of the graphical password schemes that have anti-shoulder surfing mechanisms are general device graphical password schemes, not mobile device graphical password schemes. Therefore, in this experiment, two general device graphical password anti-shoulder surfing mechanisms, which are the Triangle Scheme and the Intersection Scheme, are reconstructed on a mobile device to test whether or not the general device graphical password anti-shoulder surfing mechanism is suitable for re-use in mobile devices.
Highlights
Nowadays, the most widely used knowledge-based authentication method is done via textual passwords
We discovered that the main reason for the Triangle Scheme and Intersection Scheme being vulnerable to shoulder-surfing attacks is that the number of pictures in the schemes is insufficient
In our pre-experiment study, it showed that most mobile device graphical password schemes do not include any anti-shoulder-surfing mechanism, but, it does for general device graphical password schemes
Summary
The most widely used knowledge-based authentication method is done via textual passwords. A graphical password, another form of knowledge-based authentication method is introduced as an alternative to textual passwords. A graphical password is an authentication method whereby users create their passwords by selecting or producing pictures (Thorpe, 2004; Ejetlawi, 2008a; Ejectlawi, 2008b). A graphical password is proposed based on the principle that pictures are easier to remember than words. Due to this reason, graphical passwords are vulnerable against shoulder-surfing attacks. To overcome this issue, an anti-shoulder-surfing mechanism has to be integrated into the said graphical passwords. A shoulder-surfing attack is a type of attack during which the shoulder-surfer steals his victim’s passwords by peeping over the victim’s shoulder (Shi, 2009)
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
