A systematic review of PIN-entry methods resistant to shoulder-surfing attacks

Bibliographic Details
Published in Computers & security Vol. 101; p. 102116
Main Authors Binbeshr, Farid, Mat Kiah, M.L., Por, Lip Yee, Zaidan, A.A.
Format Journal Article
Language English
Published Elsevier Ltd 01.02.2021
Summary:

• First systematic review on PIN-entry methods resistant to shoulder-surfing attack.
• A taxonomy of PIN-entry methods resistant to shoulder-surfing attack is presented.
• Evaluation metrics, limitations, and recommendations of PIN methods are discussed.
• PIN-entry methods are prone to recording-based shoulder-surfing attack.
• Error rate and PIN-entry time are widely adopted as criteria for usability.

Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of PIN-entry methods resistant to shoulder-surfing attacks so that the main challenges that impede their adoption can be provided along with opportunities for future research. A systematic search was conducted on seven databases using predefined criteria. A test–retest approach was performed by a single author to extract data. A total of 55 articles were included in this review. The review results manifest that PIN-entry methods are classified mainly into direct and indirect inputs. The user study was the standard research method, and error rate and PIN-entry time were the most frequently adopted usability measures. The review argues that a recording-based shoulder-surfing attack is a major threat to PIN-entry methods. Error rate and PIN-entry time are widely adopted criteria for usability. The review indicates that most PIN-entry methods require a higher error rate and PIN-entry time than the conventional method. Moreover, the lack of a standard evaluation framework should be addressed.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2020.102116