Abstract
Textual passwords struggle to balance security and usability. System administrators usually adopt password policies to force users to choose strong passwords. However, users often choose a simple password because it is easy to remember, which reduces password strength and makes the password vulnerable to information security threats. When users enter their passwords in public places such as airports or cafes, they are exposed to shoulder surfing attacks, which are considered a kind of social engineering. With little effort, an attacker can capture a password by recording the individual's authentication session or by direct observation. To overcome this vulnerability, we propose a new textual-password approach that uses camouflage characters and a virtual keyboard, which leads to strong and easy-to-remember passwords. Usability and security were evaluated in experimental studies conducted with 65 users and then compared with recent studies. The results showed that the proposed technique has the lowest shoulder surfing success rate, just 3.63%, with reasonable usability.
Highlights
Current authentication systems have many weaknesses: even if the system is secured, an individual's behaviour may cause a security breach.
Users often choose a simple password because it is easy to remember, which reduces password strength and makes the password vulnerable to information security threats. When users enter their passwords in public places such as airports or cafes, they are exposed to shoulder surfing attacks, which are considered a kind of social engineering.
It might be worth mentioning that the delay in M2 entry time occurs because the user must first check his email to get the AK key and must then enter the password according to the dynamic virtual keyboard.
Summary
Current authentication systems have many weaknesses: even if the system is secured, an individual's behaviour may cause a security breach. Input devices such as the mouse and touch-screen make graphical authentication techniques possible. They are vulnerable to many attacks such as shoulder surfing, spyware, social engineering and dictionary attacks. A shoulder surfing attack is a type of identity theft; it occurs when the attacker looks over someone's shoulder to get passwords, login PINs or other sensitive personal data. This attack can be done with a small wireless camera that is easy to install. System login based on gazing to select a character from an on-screen keyboard is one solution to shoulder surfing, but it may take a long entry time and lack input accuracy [7]. Another approach to this problem is to use a graphical password or to integrate graphical and textual passwords [8][9]. After an experimental study that tested the defensive model with 65 participants and an analysis of the data, the conclusion summarizes the primary outcomes and determines the model's usability and efficiency against shoulder surfing attacks.
More From: International Journal of Advanced Computer Science and Applications