Draw a line on your PDA to authenticate

TL;DR

This paper introduces a new graphical password scheme for PDAs that enhances resistance to shoulder-surfing attacks while maintaining usability, addressing limitations of previous methods.

Contribution

A novel graphical authentication method for PDAs that balances security against shoulder-surfing with ease of use, improving on prior schemes.

Findings

Resists shoulder-surfing attacks effectively

Maintains user-friendly login process

Outperforms existing schemes in usability and security

Abstract

The trend toward a highly mobile workforce and the ubiquity of graphical interfaces (such as the stylus and touch-screen) has enabled the emergence of graphical authentications in Personal Digital Assistants (PDAs) [1]. However, most of the current graphical password schemes are vulnerable to shoulder-surfing [2,3], a known risk where an attacker can capture a password by direct observation or by recording the authentication session. Several approaches have been developed to deal with this problem, but they have significant usability drawbacks, usually in the time and effort to log in, making them less suitable for authentication [4, 8]. For example, it is time-consuming for users to log in CHC [4] and there are complex text memory requirements in scheme proposed by Hong [5]. With respect to the scheme proposed by Weinshall [6], not only is it intricate to log in, but also the main claim of resisting shoulder-surfing is proven false [7]. In this paper, we introduce a new graphical password scheme which provides a good resistance to shouldersurfing and preserves a desirable usability.