A Series of PIN/Password Input Methods Resilient to Shoulder Hacking Based on Cognitive Difficulty of Tracing Multiple Key Movements

Kokoro KOBAYASHI, Tsuyoshi OGUNI, Masaki NAKAGAWA

IEICE TRANSACTIONS on Information and Systems, Vol.E103-D, No.7, pp.1623-1632
Publication Date: 2020/07/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2019EDP7181
Type of Manuscript: PAPER
Category: Computer System
Keywords: PIN code, password, user authentication, shoulder hacking, cognitive difficulty

This paper presents a series of secure PIN/password input methods resilient to shoulder hacking. When a person inputs a PIN or password to a smartphone, tablet, banking terminal, etc., there is a risk that the PIN or password is stolen by shoulder hacking. To decrease the risk, we propose a method that erases the key-top labels, moves the keys smoothly and simultaneously, and lets the user touch the target key after they have stopped. The user only needs to trace a single key, but peepers have to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to the keys to enhance distinguishability, which allows all the keys to be moved instantaneously after the key-top labels are erased, after which the user touches the target key. We also introduce a “move backward/forward” function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes to the server side. Results of a performance evaluation demonstrate that this method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.
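
The following Python sketch is an added illustration, not code from the paper or its authors. It models the basic method under stated assumptions: a 10-key pad on 10 numbered screen slots, one movement round per digit, and a uniformly random end position for each key; `MovingKeypad`, `enter_pin` and `touch_only_view` are hypothetical names. It shows why the server is unaffected (the terminal maps each touched slot back to a digit locally) and why the touched positions alone reveal nothing to an onlooker who did not trace the keys.

```python
import random
import secrets

DIGITS = "0123456789"

class MovingKeypad:
    """Hypothetical model: 10 keys on 10 screen slots, one round per PIN digit."""

    def __init__(self, rng=None):
        # Assumption: each key stops at a uniformly random slot.
        self.rng = rng or secrets.SystemRandom()
        self.slot_of = {}          # digit -> slot after the keys stop moving

    def new_round(self):
        """Labels are shown, then erased, then every key moves at once."""
        slots = list(range(len(DIGITS)))
        self.rng.shuffle(slots)
        self.slot_of = dict(zip(DIGITS, slots))

    def follow(self, digit):
        """What the user does: trace one key and note where it stopped."""
        return self.slot_of[digit]

    def decode(self, slot):
        """What the terminal does: map the touched slot to its hidden digit."""
        return next(d for d, s in self.slot_of.items() if s == slot)


def enter_pin(pin, rng=None):
    """Return (PIN rebuilt on the terminal, slots an onlooker saw touched)."""
    pad, touched, rebuilt = MovingKeypad(rng), [], []
    for digit in pin:
        pad.new_round()
        slot = pad.follow(digit)
        touched.append(slot)
        rebuilt.append(pad.decode(slot))
    return "".join(rebuilt), touched


def touch_only_view(digit, rounds, rng):
    """Slots an onlooker sees for one digit when no key movement was traced."""
    return {enter_pin(digit, rng)[1][0] for _ in range(rounds)}


if __name__ == "__main__":
    # Constructed sample PIN, for illustration only.
    rebuilt, touched = enter_pin("4711")
    print("sent to server:", rebuilt, "| touched slots:", touched)
```

The model covers only the information available from touch positions; how hard it is for a human observer to trace all the keys is what the paper's performance evaluation measures and is not simulated here.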