The University of Southampton
University of Southampton Institutional Repository

Shoulder surfing defence for recall-based graphical passwords


Zakaria, Nur Haryani, Griffiths, David, Brostoff, Sacha and Yan, Jeff (2011) Shoulder surfing defence for recall-based graphical passwords. In SOUPS 2011 - Proceedings of the 7th Symposium on Usable Privacy and Security. (doi:10.1145/2078827.2078835).

Record type: Conference or Workshop Item (Paper)

Abstract

Graphical passwords are often considered prone to shoulder-surfing attacks, where attackers can steal a user's password by peeking over his or her shoulder in the authentication process. In this paper, we explore shoulder surfing defence for recall-based graphical password systems such as Draw-A-Secret and Background Draw-A-Secret, where users doodle their passwords (i.e. secrets) on a drawing grid. We propose three innovative shoulder surfing defence techniques, and conduct two separate controlled laboratory experiments to evaluate both security and usability perspectives of the proposed techniques. One technique was expected to work to some extent theoretically, but it turned out to provide little protection. One technique provided the best overall shoulder surfing defence, but also caused some usability challenges. The other technique achieved reasonable shoulder surfing defence and good usability simultaneously, a good balance which the two other techniques did not achieve. Our results appear to be also relevant to other graphical password systems such as Pass-Go.

This record has no associated files available for download.

More information

Published date: 2011
Venue - Dates: 7th Symposium on Usable Privacy and Security, SOUPS 2011, Pittsburgh, PA, United States, 2011-07-20 - 2011-07-22
Keywords: graphical passwords, shoulder-surfing defence, usability

Identifiers

Local EPrints ID: 500833
URI: http://eprints.soton.ac.uk/id/eprint/500833
PURE UUID: 6dc876e1-f2cd-44a4-aa8f-65f27dd50080

Catalogue record

Date deposited: 13 May 2025 17:24
Last modified: 13 May 2025 17:24

Contributors

Author: Nur Haryani Zakaria
Author: David Griffiths
Author: Sacha Brostoff
Author: Jeff Yan
