Implementation of Multi-Entry Onscreen Keyboard Model on Android-Based Mobile Application to Prevent Shoulder Surfing Attack

Abstract

The increasing number of Android-based smartphone users and the usage of smartphones for electronic payments have led to the threat of shoulder surfing attacks of PIN and password theft. Various methods of preventing shoulder surfing have been created to keep PIN and password confidential, one of which is by customizing the keyboard graphically, textually, and patterns for entering passwords. Some of the existing methods lack complexity, security, and are impractical to use by themselves. Therefore, a shoulder surfing prevention method was created using a multi-entry onscreen keyboard (meosk) model which combines several textual authentication methods with the creation of entry model technique in order to maximize the usability and complexity. In this research, the implementation of multi-entry onscreen keyboard model was carried out on an Android-based mobile application to determine the level of security from shoulder surfing. Testing was done by simulating shoulder surfing attacks on application that has been built. The research results showed that multi-entry onscreen keyboard model can prevent shoulder surfing attacks by combining several methods and the results of chi square test were significant for all test variables.