Shoulder surfing resistant graphical password schema: Randomized Pass Points (RPP)

Bostan, Hakan
Bostan, Atila
Shoulder-surfing attacks are pervasive in today’s digital environment. With the widespread usage of mobile devices in public and uncontrolled settings, intentional or unintentional observation of user authentication processes is quite frequent. Scientists in the security domain have spent considerable effort in developing shoulder-surfing-resistant authentication mechanisms. In this study, a pass-graph methodology that benefits from randomness and alternative pass-graph derivation is proposed under the name Randomized Pass Points. The proposed authentication methodology is scrutinized for its resistance to brute-force and shoulder-surfing attacks. Evaluations prove that the proposed alternative is stronger than the 8-digit 71-character-set password methodology against brute-force attacks, and that, under the given assumptions, an attacker must capture at least 5 valid log-ins to derive the pass-graph in a shoulder-surfing attack.
Multimedia Tools and Applications
