A study on password system with shoulder surfing resistance

• Main Authors: Lee, You-Shung, 李侑昇
• Other Authors: Tsai, Wen-Nung
• Format: Others
• Language: zh-TW
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/20035793339445917679

碩士 === 國立交通大學 === 資訊科學與工程研究所 === 98 === The most common way to protect the user accounts is to authenticate users through their textual account/password. However, account stealing is still a serious problem. Besides the use of weak/simple password or accidently letting out the password by themselves, data logging tools like keystroke logger (keylogger) are often used to steal account/password. This behavior is called “shoulder surfing” attack because that it is very similar to the case that someone watching you while you are typing your password. Although there are new types of authentication method, which data logging has less effect on, but those methods usually need extra hardware during the login procedure. Some researchers had been trying to find better authenticating methods without extra hardware. In this thesis, we proposed a method with shoulder surfing resistance to authenticate user without special hardware by using an on screen grid structure with user defined rules. Applying user-defined rules to random grid layout on the screen, a dynamic password is required during the login procedure. And thus, it is hard to analyze the logging data when the authenticating rules are unknown.