shoulder surfing

(redirected from Shoulder-surfing)
Also found in: Dictionary.

shoulder surfing

Looking over someone's shoulder to obtain passwords, PINs and other security codes being entered. Often performed with binoculars, ATMs and other data entry terminals may make it more difficult by requiring a 90 degree viewing angle to read the screen or moving the digit keys around on touchscreens. See social engineering.
Mentioned in ?
References in periodicals archive ?
Holden, "A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords," in Proc.
Lee, "Security notions and advanced method for human shoulder-surfing resistant PIN-entry," in IEEE Trans.
(28.) Gao, H., Ren, Z., Chang, X., Liu, X., Aickelin, U.: A New Graphical Password Scheme Resistant to Shoulder-Surfing. In: Proceedings of the International Conference on CyberWorlds, Singapore, 194--199, (2010).
Similar to the Passfaces system, the Deja Vu system is vulnerable to shoulder-surfing attack as the users select their password images for each of the authentication sessions.
The proposed method has been developed for the smart phone environment and ensures safety from the Shoulder-Surfing Attack, Brute Force Attack [3], Smudge Attack [4], and Recording Attack that threaten user authentication.
The state agency suspended the policy for 45 days and eventually settled on the "shoulder-surfing' policy, MSNBC.com reported.
Report suspicious people who may be casing your property or anyone who is "shoulder-surfing" as you shop.
The criminal will steal the pin by shoulder-surfing and then withdraw strip and the card later.
This is called a shoulder-surfing attack that is more effective in a crowded place.
There are two types of shoulder-surfing attack: direct observation attacks, in which authentication information is obtained by a person who is directly monitoring the authentication sequence, and recording attacks, in which the authentication information is obtained by recording the authentication sequence for later analysis.
Static passwords have increasingly become the subject of a variety of malicious attacks, including shoulder-surfing, key-logging, screen-scraping and brute force 'dictionary' attacks.