Authentication based on passwords is widely used in applications for computer security and privacy. However, human actions such as choosing bad passwords and entering passwords in an insecure way are regarded as "the weakest link" in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords that are either short or meaningful so that they are easy to memorize. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users' credentials. To overcome this problem, a novel authentication system, PassMatrix, based on graphical passwords and designed to resist shoulder surfing attacks, is proposed. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even if they conduct multiple camera-based attacks. According to the experimental results, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.