LAUSR

The regular PIN-entry method has been still the most common method of authentication for systems and networks. However, PINs are easy to be captured through various attacks, including shoulder-surfing, video-recording, and spyware. This could be attributed to the involuntary nature of entering the original PIN during authentication. In this paper, we employ an indirect input method that utilizes the addition mod 10 and a mini-challenge keypad in order to produce a one-time PIN (OTP) that obscures the original PIN. The results of our user study manifest that the proposed PIN-entry method provides better security than the existing PIN-entry methods while maintaining an acceptable level of usability. Moreover, the user feedback fully support the use of the proposed PIN-entry method in critical-security situations.