Shoulder Surfing attack in graphical password authentication
Arash Habibi Lashkari, Samaneh Farmand, Dr. Omar Bin Zakaria, Dr. Rosli Saleh

TL;DR
This paper surveys graphical password schemes from 2005 to 2009 that are designed to resist shoulder surfing attacks, highlighting their potential as more secure alternatives to traditional passwords in public settings.
Contribution
It provides a comprehensive review of graphical password schemes specifically aimed at mitigating shoulder surfing vulnerabilities, an area less explored in prior research.
Findings
Identifies various graphical schemes resistant to shoulder surfing
Highlights strengths and limitations of existing schemes
Suggests directions for future research in secure graphical authentication
Abstract
Information and computer security is supported largely by passwords, which are the principal part of the authentication process. The most common computer authentication method is to use an alphanumerical username and password, which has significant drawbacks. To overcome the vulnerabilities of traditional methods, visual or graphical password schemes have been developed as possible alternative solutions to text-based schemes. A potential drawback of graphical password schemes is that they are more vulnerable to shoulder surfing than conventional alphanumeric text passwords. When users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individual's authentication session. This is referred to as shoulder surfing and is a known risk, of special concern when authenticating in…
Taxonomy
Topics: User Authentication and Security Systems · Biometric Identification and Security · Advanced Authentication Protocols Security
