Evaluation of mouse operation authentication method having shoulder surfing resistance

Abstract

Currently, typing character strings on a keyboard is used for personal authentication for PC login and unlocking. Although some graphical and biometric-based methods have been developed, most of them have weak authentication strength or weak shoulder surfing resistance. In this paper, we propose a personal authentication method that the user specifies positions on a N × N matrix using mouse clicks. The user can hide the mouse during authentication easily, so the method has shoulder surfing resistance and can be used in public places. We developed the proposed method (pattern method), and two variations (number and color, and combination method), and performed user testing and shoulder surfing experiment to validate the proposed method. The proposed method was tested by 20 subjects in pattern method, 23 subjects in the number and color, and the combination method. The authentication success rate is 63.1%, 56.3% and 87.5% on each method. The specific rate by shoulder surfing is 1.4% in pattern method.