Logging safely in public spaces using color PINs
This addresses digital identity theft for users logging into private accounts in public, though it appears incremental as it builds on existing UI security concepts.
The paper tackles the problem of secure authentication in public spaces by introducing a novel method based on color PINs that provides zero-knowledge to observers, demonstrating its effectiveness against key loggers and shoulder-surfing attacks.
Nowadays, we are increasingly logging on to many different Internet sites to access private data, like emails or photos, stored remotely in the cloud. This makes us all the more concerned with digital identity theft and with passwords being stolen by either key loggers or shoulder-surfing attacks. Quite surprisingly, the current bottleneck of computer security when logging in for authentication is the User Interface (UI): how can we safely enter secret passwords when concealed spy cameras or key loggers may be recording the login session? Logging in safely requires designing a secure Human Computer Interface (HCI) that is robust to those attacks. We describe a novel method and system based on entering secret ID passwords by means of associative secret UI passwords that provides zero-knowledge to observers. We demonstrate the principles using a color Personal Identification Number (PIN) login system and describe its various extensions.