The present invention relates generally to computer security and more specifically, to security techniques for blocking shoulder surfing attacks.
Security support associated with information and computer access has been based largely on passwords, which are the principle part of the authentication process. The most common computer authentication method uses an alphanumeric username and password, which has significant drawbacks such as key logging for subsequent retrieval. Efforts to overcome the vulnerability of traditional methods, such as visual or graphical password schemes, were developed as possible alternative solutions to a text based scheme. A drawback to graphical password schemes is that they are more vulnerable to “shoulder surfing” than conventional alphanumeric text passwords. When users input their passwords in a public place, they can be at risk of attackers stealing their password. An attacker can capture a password by direct observation over the shoulder. This tactic, referred to as “shoulder surfing,” is a known risk and of special concern when authenticating in public places or common areas.