Password authentication is used as a universal method for user authentication. In the password authentication, a user accesses a web server and sets his/her ID (identifier) and password, and then logs in the web server by inputting the set ID and password in a terminal. In addition, as an improvement of the existing password authentication, there has been proposed a technique for authenticating a user by using a touch pattern set by the user. Korean Unexamined Patent Publication No. 10-2009-0013432 discloses a portable terminal for authenticating a user by using a pattern and its locking and releasing method.
However if this method is used, the authentication information of the user, namely the password and ID of the user, may be captured by other persons by means of shoulder surfing. Further, if ID and password of a specific user are captured by others, personal data of the user may be continuously exposed to others unless the specific user changes the ID and password or withdraw from member.