Holden, "A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords," in Proc.
Lee, "Security notions and advanced method for human shoulder-surfing resistant PIN-entry," in IEEE Trans.
(28.) Gao, H., Ren, Z., Chang, X., Liu, X., Aickelin, U.: A New Graphical Password Scheme Resistant to Shoulder-Surfing
. In: Proceedings of the International Conference on CyberWorlds, Singapore, 194--199, (2010).
Similar to the Passfaces system, the Deja Vu system is vulnerable to shoulder-surfing
attack as the users select their password images for each of the authentication sessions.
The proposed method has been developed for the smart phone environment and ensures safety from the Shoulder-Surfing
Attack, Brute Force Attack , Smudge Attack , and Recording Attack that threaten user authentication.
The state agency suspended the policy for 45 days and eventually settled on the "shoulder-surfing
' policy, MSNBC.com reported.
Report suspicious people who may be casing your property or anyone who is "shoulder-surfing
" as you shop.
The criminal will steal the pin by shoulder-surfing
and then withdraw strip and the card later.
This is called a shoulder-surfing
attack that is more effective in a crowded place.
There are two types of shoulder-surfing
attack: direct observation attacks, in which authentication information is obtained by a person who is directly monitoring the authentication sequence, and recording attacks, in which the authentication information is obtained by recording the authentication sequence for later analysis.
Static passwords have increasingly become the subject of a variety of malicious attacks, including shoulder-surfing
, key-logging, screen-scraping and brute force 'dictionary' attacks.