A NEW PASSWORD AUTHENTICATION SCHEME RESISTANT AGAINST SHOULDER SURFING ATTACK
Mohammed Abbas Fadhil Al-Husainy; Diaa Mohammed Uliyan
shoulder surfing attack; textual password authentication; information security
Volume 34, Issue 1 (2019/03/01), pp. 25-35
The Personal Identification Number (PIN) is one of the simplest methods of user authentication and is commonly used to protect user information in online information systems such as ATMs. PINs are vulnerable to several types of attack. Users tend to choose easy or short passwords because they are easier to remember. However, this makes passwords vulnerable to multiple forms of attack, such as camera recording attacks and shoulder surfing attacks. This research presents a new textual password authentication technique that can be used as a competitive scheme to both traditional textual and graphical password schemes. In the proposed technique, a new 6 × 6 keyboard has been designed as an alternative to the traditional keyboard for entering password characters. The user does not need to press the keys that represent the password characters. The proposed technique was tested on a group of users, and the recorded results of the experiments were evaluated using a specific set of criteria. Based on the evaluation of the tests, the proposed technique succeeded in providing a more secure session for the user to enter the password. Moreover, the proposed technique helps to solve most of the defects, especially the shoulder surfing attack, that exist in authentication systems that use textual or graphical passwords.