Ubiquitous access to mobile devices exposes users to an increasing threat of shoulder-surfing attacks. An attacker can spy on a user who is entering a password, opening the door to various security threats. Guided by shoulder-surfing resistance strategies and the unique strengths of passwords and behavioral biometrics in mobile user authentication, we designed a touch gesture-based password authentication method. We empirically evaluated the performance of the proposed method against the traditional keystroke-based method in protecting users from shoulder-surfing attacks under various settings. The results demonstrate the effectiveness of the proposed method and have implications for the design of password authentication methods for mobile devices.
Lina Zhou is a Professor of Management Information Systems at the Belk College of Business at UNC Charlotte. Her research interests in cybersecurity focus on deception detection and usable mobile user authentication. Her research combines methods from the design science and behavioral science paradigms. Dr. Zhou has worked on several related projects sponsored by NSF and AFOSR.