Shoulder surfing defence for recall-based graphical passwords

Zakaria, Nur Haryani; Griffiths, David; Brostoff, Sacha; Yan, Jeff

doi:10.1145/2078827.2078835

Cited by 100 publications

(50 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…"In order to maintain ecological validity of this experiment, the passwords tested must be memorable; otherwise they would be less likely to be chosen in the real world" [18].…”

Section: Study Typementioning

confidence: 99%

On the ecological validity of a password study

Fahl

Harbach

Acar

et al. 2013

Proceedings of the Ninth Symposium on Usable Privacy and Security

View full text Add to dashboard Cite

The ecological validity of password studies is a complex topic and difficult to quantify. Most researchers who conduct password user studies try to address the issue in their study design. However, the methods researchers use to try to improve ecological validity vary and some methods even contradict each other. One reason for this is that the very nature of the problem of ecological validity of password studies is hard to study, due to the lack of ground truth. In this paper, we present a study on the ecological validity of password studies designed specifically to shed light on this issue. We were able to compare the behavior of 645 study participants with their real world password choices. We conducted both online and laboratory studies, under priming and non-priming conditions, to be able to evaluate the effects of these different forms of password studies. While our study is able to investigate only one specific password environment used by a limited population and thus cannot answer all questions about ecological validity, it does represent a first important step in judging the impact of ecological validity on password studies.

show abstract

“…"In order to maintain ecological validity of this experiment, the passwords tested must be memorable; otherwise they would be less likely to be chosen in the real world" [18].…”

Section: Study Typementioning

confidence: 99%

On the ecological validity of a password study

Fahl

Harbach

Acar

et al. 2013

Proceedings of the Ninth Symposium on Usable Privacy and Security

View full text Add to dashboard Cite

show abstract

“…After the removal of participants who were not Android or iOS users and/or any incomplete questionnaires or data that failed our data validation, we ended up with 192 participants. Among them, 48% used Android, ~65% were male and 82% were aged [18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35] (min age = 18 max age = 67). Regarding their IT skills the respondents classified themselves: (a) 11% nontechnically savvy ('moderate' IT), (b) 42% with good IT skills, and (c) 47% technically savvy ('excellent' IT).…”

Section: Methodsmentioning

confidence: 99%

“…shoulder surfing [21], [25] and brute force attacks [13]), as well as attacks that are unique to graphical passwords due to traces and oily residues left on the screen (i.e. smudge attacks [11], [9,10].…”

Section: Related Workmentioning

confidence: 99%

Exploring the Adoption of Physical Security Controls in Smartphones

Alshammari

Mylonas

Sedky

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The proliferation of smartphones has changed our life due to the enhanced connectivity, increased storage capacity and innovative functionality they offer. Their increased popularity has drawn the attention of attackers, thus, nowadays their users are exposed to many security and privacy threats. The fact that smartphones store significant data (e.g. personal, business, government, etc.) in combination with their mobility, increase the impact of unauthorized physical access to smartphones. However, past research has revealed that this is not clearly understood by smartphone users, as they disregard the available security controls. In this context, this paper explores the attitudes and perceptions towards security controls that protect smartphone user's data from unauthorized physical access. We conducted a survey to measure their adoption and the reasons behind users' selections. Our results, suggest that nowadays users are more concerned about their physical security, but still reveal that a considerable portion of our sample is prone to unauthorized physical access.

show abstract

“…Their results show that PIN entry is more vulnerable to shoulder surfing than graphical password schemes. Zakaria et al [27] evaluate enhancements to the recall-based draw a secret (DAS) scheme. The experimenter entered three DAS passwords on a PDA observed by participants standing to the left.…”

Section: Shoulder Surfing Susceptibilitymentioning

confidence: 99%

Password entry usability and shoulder surfing susceptibility on different smartphone platforms

Schaub

Deyhle

Weber

2012

Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia

141

View full text Add to dashboard Cite

Virtual keyboards of different smartphone platforms seem quite similar at first glance, but the transformation from a physical to a virtual keyboard on a small-scale display results in user experience variations that cause significant differences in usability as well as shoulder surfing susceptibility, i.e., the risk of a bystander observing what is being typed. In our work, we investigate the impact of both aspects on the security of text-based password entry on mobile devices. In a between subjects study with 80 participants, we analyzed usability and shoulder surfing susceptibility of password entry on different mobile platforms (iOS, Android, Windows Phone, Symbian, MeeGo). Our results show significant differences in the usability of password entry (required password entry time, typing accuracy) and susceptibility to shoulder surfing. Our results provide insights for security-aware design of on-screen keyboards and for password composition strategies tailored to entry on smartphones.

show abstract

Shoulder surfing defence for recall-based graphical passwords

Cited by 100 publications

References 20 publications

On the ecological validity of a password study

On the ecological validity of a password study

Exploring the Adoption of Physical Security Controls in Smartphones

Password entry usability and shoulder surfing susceptibility on different smartphone platforms

Contact Info

Product

Resources

About