Text-based passwords are unable to prevent shoulder-surfing attacks. In this paper, a new authentication mechanism was introduced to send out misleading information to attackers when the former entered its text-based passwords; the latter was unable to decipher the true passwords by simply recording or looking at them. The misleading information was the pressure values (i.e., pressures exerted by the users) measured by pressure sensors embedded under the smartphone touchscreens. The systems detected each pressure value entered by the users and determined whether it was to be saved (i.e., as a true password) or omitted (i.e., as misleading information). Regarding this authentication method, because attackers were unable to know the users’ pressure values, they were unable to differentiate between true and misleading information and thus had no way of knowing the users’ actual passwords. In the end, our authentication mechanism improved the deficiency of current text-based passwords and enhanced system security.
CITATION STYLE
Luo, J. N., Yang, M. H., & Tsai, C. L. (2016). A mobile device-based antishoulder-surfing identity authentication mechanism. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9955 LNCS, pp. 37–46). Springer Verlag. https://doi.org/10.1007/978-3-319-46298-1_3
Mendeley helps you to discover research relevant for your work.