A PIN Entry Scheme Resistant to Recording-Based Shoulder-Surfing

Two-factor authentication techniques using combination of magnetic cards and personal identification numbers (PINs) are widely used in many applications including automatic teller machines and point of sales. Similar to other valuable personal possessions, cards can be easily stolen by pickpockets. Furthermore, recent security reports show that magnetic cards can be easily duplicated using fake card readers and PINs can be obtained by shoulder surfing legitimate users´ PIN entry processes. With this combination, criminals can easily break into users´ accounts which represents a great threat. In this paper, we propose a new PIN entry scheme which is resistant against shoulder-surfing attacks conducted by shoulder-surfers with normal cognitive capabilities. Additionally, this scheme offers a relatively good level of security when the shoulder-surfer can record the entire login procedure for one or two times with a video device. Mathematical analysis of the proposed scheme is also presented.