A systematic review of PIN-entry methods resistant to shoulder-surfing attacks
Document Type
Article
Publication Date
2-1-2021
Abstract
Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of PIN-entry methods resistant to shoulder-surfing attacks so that the main challenges that impede their adoption can be provided along with opportunities for future research. A systematic search was conducted on seven databases using predefined criteria. A test-retest approach was performed by a single author to extract data. A total of 55 articles were included in this review. The review results manifest that PIN-entry methods are classified mainly into direct and indirect inputs. The user study was the standard research method, and error rate and PIN-entry time were the most frequently adopted usability measures. The review argues that a recording-based shoulder-surfing attack is a major threat to PIN-entry methods. Error rate and PIN-entry time are widely adopted criteria for usability. The review indicates that most PIN-entry methods require a high error rate and PIN-entry time than the conventional method. Moreover, the lack of a standard evaluation framework should be addressed. (C) 2020 Elsevier Ltd. All rights reserved.
Keywords
PIN, Password, Shoulder surfing, Recording attack, Observation attack, Authentication
Divisions
fsktm
Funders
Fundamental Research Grant Scheme from the Ministry of Higher Education, Malaysia[FP114-2018A]
Publication Title
Computers & Security
Volume
101
Publisher
Elsevier Advanced Technology
Publisher Location
OXFORD FULFILLMENT CENTRE THE BOULEVARD, LANGFORD LANE, KIDLINGTON, OXFORD OX5 1GB, OXON, ENGLAND