PassNum: A usable and secure method against repeated shoulder surfing.

Saved in:
Bibliographic Details
Title: PassNum: A usable and secure method against repeated shoulder surfing.
Authors: Ahmad, Awais (AUTHOR), Asif, Muhammad (AUTHOR), Hamid, Isma (AUTHOR), Aljuaid, Hanan (AUTHOR)
Source: Behaviour & Information Technology. Oct2025, Vol. 44 Issue 17, p4220-4246. 27p.
Subjects: Data security, Repeated measures design, Graphical user interfaces, T-test (Statistics), Data analysis, Research funding, Data security failures, Questionnaires, Systems development, Descriptive statistics, Computer graphics, System analysis, Thematic analysis, Analysis of variance, Statistics, Software architecture, Data analysis software, Cognition
Abstract: Conventional PIN and password methods failed to be resilient against observational attacks. In the wake of usable security, this gap is filled with enormous proposals of graphical passwords that claim to be resistant but sacrifice the usability concerns in the shape of other afflictions (second device 'phone/PC', headset, vibration motor, weird hand motions). In comparison, we propose PassNum, a grid-based usable, deployable, and secure graphical PIN authentication method (GPA) in the replacement (for every device) of conventional PIN. It is low-cost, user-friendly (child vs. old), secure (high entropy), and has a compatible design for low-sensitive (social sites) to more sensitive (banking apps). Through extensive experiments with 32 participants, PassNum achieved 98% accuracy with 10 s login time (average scores) and 100% memorability (cumulative scores). Furthermore, the 4th variation of PassNum proves to be 100% resilient against even recurring (3 repeated login sessions) recorded shoulder surfing attacks. Our qualitative survey revealed that PassNum might be the prime replacement for conventional PIN and password methods. [ABSTRACT FROM AUTHOR]
Copyright of Behaviour & Information Technology is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Psychology and Behavioral Sciences Collection
Full text is not displayed to guests.
Description
Abstract:Conventional PIN and password methods failed to be resilient against observational attacks. In the wake of usable security, this gap is filled with enormous proposals of graphical passwords that claim to be resistant but sacrifice the usability concerns in the shape of other afflictions (second device 'phone/PC', headset, vibration motor, weird hand motions). In comparison, we propose PassNum, a grid-based usable, deployable, and secure graphical PIN authentication method (GPA) in the replacement (for every device) of conventional PIN. It is low-cost, user-friendly (child vs. old), secure (high entropy), and has a compatible design for low-sensitive (social sites) to more sensitive (banking apps). Through extensive experiments with 32 participants, PassNum achieved 98% accuracy with 10 s login time (average scores) and 100% memorability (cumulative scores). Furthermore, the 4th variation of PassNum proves to be 100% resilient against even recurring (3 repeated login sessions) recorded shoulder surfing attacks. Our qualitative survey revealed that PassNum might be the prime replacement for conventional PIN and password methods. [ABSTRACT FROM AUTHOR]
ISSN:0144929X
DOI:10.1080/0144929X.2025.2469665