Incognito: Shoulder-surfing resistant selection method

Authentication methods need to, at minimum, prevent casual attackers with limited resources from gaining access to our private information. Although, Personal Identification Numbers (PIN) have been ubiquitously implemented to validate a user's identity, it is surprisingly easy for PINs to be stolen by casual shoulder-surfing attackers. We offer Incognito, a selection technique, which is resistant to casual shoulder-surfing and extendable to emerging graphical authentication methods. This was achieved by employing indirect interactions and masking standard cursor feedback. We show this selection technique effectively prevents casual shoulder-surfing attacks. The users controlled Incognito with either a mouse or eye tracker. We examined its usability by measuring effectiveness, performance, and user satisfaction in contrast with a conventional PIN approach. Our results show marginal login performance differences between the conventional method and Incognito with mouse-based interactions, but not for eye tracker based interactions. Incognito shows promise as a viable selection technique within public spaces.