Abstract
Users typically reuse the same personalized identification number (PIN) for multiple systems and in numerous sessions. Direct PIN entries are highly susceptible to shoulder-surfing attacks as attackers can effectively observe PIN entry with concealed cameras. Indirect PIN entry methods proposed as countermeasures are rarely deployed because they demand a heavier cognitive workload for users. To achieve security and usability, we present a practical indirect PIN entry method called SteganoPIN . The human–machine interface of SteganoPIN is two numeric keypads, one covered and the other open, designed to physically block shoulder-surfing attacks. After locating a long-term PIN in the more typical layout, through the covered permuted keypad, a user generates a one-time PIN that can safely be entered in plain view of attackers. Forty-eight participants were involved in investigating the PIN entry time and error rate of SteganoPIN. Our experimental manipulation used a within-subject factorial design with two independent variables: PIN entry system (standard PIN, SteganoPIN) and PIN type (system-chosen PIN, user-chosen PIN). The PIN entry time in SteganoPIN (5.4–5.7 s) was slower but acceptable, and the error rate (0–2.1%) was not significantly different from that of the standard PIN. SteganoPIN is resilient to camera-based shoulder-surfing attacks over multiple authentication sessions. It remains limited to PIN-based authentication.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.