American Journal of Computer Science and Technology

Role of Shoulder Surfing in Cyber Security (Experimental Study to the Comparative Framework)

Shoulder surfing attacks pose a significant threat to the security of sensitive information, such as passwords, social security numbers, and credit card details. In these attacks, malicious individuals strategically position themselves to observe a victim's screen and keyboard inputs covertly. As the security landscape evolves, researchers are actively exploring alternative authentication methods to replace traditional textual passwords. However, evaluating the resilience of these authentication systems against shoulder surfing attacks has been a complex task. This research aims to provide a comprehensive framework for objectively assessing the vulnerability of authentication mechanisms to shoulder surfing attacks. Through a systematic analysis, our study reveals intriguing insights. Notably, it demonstrates that pictorial passwords are more susceptible to shoulder surfing than their textual counterparts. This susceptibility arises from the ease with which attackers can visually capture and recall graphical representations. However, our research also highlights the potential for designing graphical authentication schemes that can resist shoulder surfing attempts effectively. While visual passwords exhibit inherent vulnerability due to their visibility, creative design choices can mitigate these risks. Furthermore, we found that textual passwords, while less susceptible to shoulder surfing, face limitations due to their smaller character pool size. In conclusion, this study sheds light on the nuanced landscape of authentication mechanisms and their susceptibility to shoulder surfing attacks. By providing a robust set of measures for objective analysis, our research serves as a valuable resource for developing and implementing secure authentication solutions. It emphasizes the importance of considering both usability and security factors when designing authentication systems to combat the persistent challenge of shoulder surfing attacks.

Shoulder Surfing, Observer, Attacker, Surfer, Security, Privacy

Marran Aldossari, Abdullah Albalawi. (2023). Role of Shoulder Surfing in Cyber Security (Experimental Study to the Comparative Framework). American Journal of Computer Science and Technology, 6(3), 102-108.

Copyright © 2023 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
