Shoulder Surfing Resistant Password Authentication Mechanism (Using Convex Hull Click Scheme)

Abstract: when users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individuals authentication session. This is referred to as shoulder-surfing and is a known risk, of special concern when authenticating in public places. Until recently, the only defense against shoulder-surfing was the alertness on the part of the user. Shoulder surfing resistant password authentication mechanism assure shoulder-surfing resistant authentication to user. It allows user to authenticate by entering pass-word in graphical way at insecure places because user never have to click directly on password icons. Usability testing of this mechanism showed that novice users were able to enter their graphical password accurately and to remember it over time. However, the protection against shoulder-sur_ng comes at the price of longer time to carry out the authentication.

Keywords: shoulder-surfing, password, graphical