Commonly-used authentication methods require a user to input (e.g. type or ‘key-in’) an authentication code or pattern, such as password, code, Personal Identification Number (PIN), or secret key-phrase, via an input interface. When inputting or ‘entering’ such authentication information, a third-party or attacker may be able to observe the input information (e.g. by looking over the user's shoulder, which is referred to as ‘shoulder surfing’).
Such potential, unwanted exposure of secret or sensitive authentication information is particularly problematic with the use of an automated teller machine (ATM), but is also becoming highly problematic with widespread adoption and use of mobile computing devices (e.g. tablet computer and smartphones).
Concepts for protecting secret or sensitive authentication as the secret or sensitive authentication is being input to a user interface have been proposed, but the concepts typically are not usable on smaller portable computing devices. Moreover, the input information may still be vulnerable if the third-party or attacker (e.g. ‘shoulder surfer’) is able to see a row letter being used.