Logging safely in public spaces using color PINs

TL;DR

This paper introduces a novel color PIN-based login system that enhances security by enabling users to enter passwords in a way that reveals no information to observers, addressing UI vulnerabilities in digital authentication.

Contribution

The paper presents a new secure human-computer interface for password entry using associative color PINs that is resistant to shoulder-surfing and keylogging attacks.

Findings

Demonstrated a color PIN login system with zero-knowledge properties.

Extended the system with various secure authentication features.

Showed robustness against common observation-based attacks.

Abstract

Nowadays, we are increasingly logging on many different Internet sites to access private data like emails or photos remotely stored in the clouds. This makes us all the more concerned with digital identity theft and passwords being stolen either by key loggers or shoulder-surfing attacks. Quite surprisingly, the current bottleneck of computer security when logging for authentication is the User Interface (UI): How can we enter safely secret passwords when concealed spy cameras or key loggers may be recording the login session? Logging safely requires to design a secure Human Computer Interface (HCI) robust to those attacks. We describe a novel method and system based on entering secret ID passwords by means of associative secret UI passwords that provides zero-knowledge to observers. We demonstrate the principles using a color Personal Identification Numbers (PINs) login system and describes its various extensions.