A mobile device-based antishoulder-surfing identity authentication mechanism

Abstract

Text-based passwords are unable to prevent shoulder-surfing attacks. In this paper, a new authentication mechanism was introduced to send out misleading information to attackers when the former entered its text-based passwords; the latter was unable to decipher the true passwords by simply recording or looking at them. The misleading information was the pressure values (i.e., pressures exerted by the users) measured by pressure sensors embedded under the smartphone touchscreens. The systems detected each pressure value entered by the users and determined whether it was to be saved (i.e., as a true password) or omitted (i.e., as misleading information). Regarding this authentication method, because attackers were unable to know the users’ pressure values, they were unable to differentiate between true and misleading information and thus had no way of knowing the users’ actual passwords. In the end, our authentication mechanism improved the deficiency of current text-based passwords and enhanced system security.