A systematic review of PIN-entry methods resistant to shoulder-surfing attacks
•First systematic review on PIN-entry methods resistant to shoulder-surfing attack.•A taxonomy of PIN-entry methods resistant to shoulder-surfing attack is presented.•Evaluation metrics, limitations, and recommendations of PIN methods are discussed.•PIN-entry methods are prone to recording-based sho...
Saved in:
Published in | Computers & security Vol. 101; p. 102116 |
---|---|
Main Authors | , , , |
Format | Journal Article |
Language | English |
Published |
Elsevier Ltd
01.02.2021
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | •First systematic review on PIN-entry methods resistant to shoulder-surfing attack.•A taxonomy of PIN-entry methods resistant to shoulder-surfing attack is presented.•Evaluation metrics, limitations, and recommendations of PIN methods are discussed.•PIN-entry methods are prone to recording-based shoulder-surfing attack.•Error rate and PIN-entry time are widely adopted as criteria for usability.
Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of PIN-entry methods resistant to shoulder-surfing attacks so that the main challenges that impede their adoption can be provided along with opportunities for future research. A systematic search was conducted on seven databases using predefined criteria. A test–retest approach was performed by a single author to extract data. A total of 55 articles were included in this review. The review results manifest that PIN-entry methods are classified mainly into direct and indirect inputs. The user study was the standard research method, and error rate and PIN-entry time were the most frequently adopted usability measures. The review argues that a recording-based shoulder-surfing attack is a major threat to PIN-entry methods. Error rate and PIN-entry time are widely adopted criteria for usability. The review indicates that most PIN-entry methods require a high error rate and PIN-entry time than the conventional method. Moreover, the lack of a standard evaluation framework should be addressed. |
---|---|
ISSN: | 0167-4048 1872-6208 |
DOI: | 10.1016/j.cose.2020.102116 |