Authentication based on passwords is usedlargely in applications for computer security and privacy. However, human actions such as choosing bad passwordsand inputting passwords in an insecure way are regarded as the weakest link inthe authentication chain. With theincreasing amount of mobile devices and web services, users can access theirpersonal accounts to send confidential business emails,upload photos to albums in the cloud or remit money from their e-bank accountany time and anywhere. While logging into these services in public, they mayexpose their passwords to unknown parties unconsciously. People with maliciousintent could watch the whole authentication procedure through omnipresent videocameras and surveillance equipment, or evena reflected image on a window. Once the attacker obtains password, they could access personalaccounts and that would definitely pose a great threat to ones assets. Shoulder surfing attacks have gained more and more attention in thepast decade.
Keywords: Pass matrix, paired based, ImageDiscretization, authentication.