ABSTRACT
In this paper, we present SwiPIN, a novel authentication system that allows input of traditional PINs using simple touch gestures such as up or down, making PIN entry secure against human observers. We present two user studies that evaluated different designs of SwiPIN and compared it against traditional PIN entry. The results show that SwiPIN performs adequately fast (3.7 s) to serve as an alternative input method for risky situations. Furthermore, SwiPIN is easy to use and significantly more secure against shoulder surfing attacks, and switching between PIN and SwiPIN feels natural.
Index Terms
- SwiPIN: Fast and Secure PIN-Entry on Smartphones