In my previous post “Shoulder Surfing — Possibility and Probability” https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7106543136469905408-NzzE
I mentioned the following -
“Assume a solution that is effective in fending off the cyberattacks where people are careful about their security but fails to fend off the attacks where people are careless and reckless about their own security. Would you call it a failure?”
and “The issue could be generalised as ‘That there is a theoretical possibility is one thing and that how probable it is in the real life is another’.”
It is not the end of our ‘Shoulder Surfing’ discussion, however. The above comments are a general observation for ‘Image-Based Authentication’ as a whole.
Coming specifically to our Expanded Password System-applied identity solutions, marketed under the ‘Mnemonic + something’ brand, the following functions are offered to security-sensitive users to deter persistent shoulder surfers:
1. Blurring the images
2. Allocating random alphanumerics to the images for typing instead of touching and clicking.
3. Random positioning of the images
4. Shrinking the image matrix
The last one is especially meaningful: it enables us to come up with a very simple and yet hugely effective measure against persistent shoulder surfers and cleverly hidden spy cameras — roll up a sheet of paper or simply bend your fingers to make a tunnel, through which we watch and select the registered images with our face close to the display. Actually, I practice this in an uneasy environment.
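As an added illustration of items 2 and 3 in the list above (not code from the Mnemonic products or from the author), the Python sketch below builds a per-login challenge with shuffled image positions and fresh random labels, and checks that labels typed in one session do not verify in the next. The image identifiers, the two-character labels and the order-independent selection are assumptions made for the example.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
RNG = secrets.SystemRandom()  # OS CSPRNG; labels and layout must not be predictable

# Constructed sample data: a 4x4 matrix of image ids and one user's registered images.
IMAGES = [f"img{i:02d}" for i in range(16)]
REGISTERED = {"img03", "img07", "img10", "img12"}


def new_challenge(image_ids, label_len=2):
    """Build one login challenge: shuffled positions plus a fresh unique label per image."""
    order = list(image_ids)
    RNG.shuffle(order)  # item 3: random positioning
    labels = set()
    while len(labels) < len(order):  # item 2: random alphanumerics, no duplicates
        labels.add("".join(RNG.choice(ALPHABET) for _ in range(label_len)))
    labels = list(labels)
    RNG.shuffle(labels)
    return dict(zip(labels, order))  # label -> image id, in display order


def labels_for(challenge, images):
    """What the legitimate user types: the labels shown on their own images."""
    shown = {image: label for label, image in challenge.items()}
    return [shown[image] for image in sorted(images)]


def verify(challenge, typed_labels, registered):
    """Resolve typed labels through this session's challenge only, then compare."""
    chosen = [challenge.get(label.upper()) for label in typed_labels]
    if None in chosen or len(set(chosen)) != len(chosen):
        return False  # unknown label, or the same image picked twice
    return set(chosen) == set(registered)


if __name__ == "__main__":
    first = new_challenge(IMAGES)
    typed = labels_for(first, REGISTERED)  # the keystrokes an observer could note down
    print("session 1:", typed, verify(first, typed, REGISTERED))
    second = new_challenge(IMAGES)  # next login: new layout, new labels
    print("session 2 replay:", typed, verify(second, typed, REGISTERED))
```

An observer who notes only the keystrokes gains nothing reusable, because the labels are bound to a single challenge. One who also sees the screen can still map labels back to images, which is the case blurring and shrinking the matrix are meant to cover.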
Below are my posts on the two other misperceptions about Expanded Password System -
High cost of handling images — “Cost Benefit of Using Images for Login” (29May2023) https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7068832232307654656-5js9
Low mathematical strength — “Entropy of Image-based Password” (27Apr2023) https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-7057219727273693185-Mpgq
* If you have heard of other ‘drawbacks’ of Expanded Password System or Image-based authentication, please give me a shout.