{"id":"https://openalex.org/W2108525321","doi":"https://doi.org/10.1145/1143120.1143128","title":"A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords","display_name":"A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords","publication_year":2006,"publication_date":"2006-01-01","ids":{"openalex":"https://openalex.org/W2108525321","doi":"https://doi.org/10.1145/1143120.1143128","mag":"2108525321"},"language":"en","primary_location":{"id":"doi:10.1145/1143120.1143128","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1143120.1143128","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the second symposium on Usable privacy and security  - SOUPS '06","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006773419","display_name":"Furkan Tari","orcid":null},"institutions":[{"id":"https://openalex.org/I79272384","display_name":"University of Maryland, Baltimore County","ror":"https://ror.org/02qskvh78","country_code":"US","type":"education","lineage":["https://openalex.org/I79272384"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Furkan Tari","raw_affiliation_strings":["UMBC, Baltimore, MD","UMBC, Baltimore MD#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UMBC, Baltimore, MD","institution_ids":["https://openalex.org/I79272384"]},{"raw_affiliation_string":"UMBC, Baltimore MD#TAB#","institution_ids":["https://openalex.org/I79272384"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012075364","display_name":"A. Ant Ozok","orcid":null},"institutions":[{"id":"https://openalex.org/I79272384","display_name":"University of Maryland, Baltimore County","ror":"https://ror.org/02qskvh78","country_code":"US","type":"education","lineage":["https://openalex.org/I79272384"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"A. Ant Ozok","raw_affiliation_strings":["UMBC, Baltimore, MD","UMBC, Baltimore MD#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UMBC, Baltimore, MD","institution_ids":["https://openalex.org/I79272384"]},{"raw_affiliation_string":"UMBC, Baltimore MD#TAB#","institution_ids":["https://openalex.org/I79272384"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079024126","display_name":"Stephen H. Holden","orcid":null},"institutions":[{"id":"https://openalex.org/I79272384","display_name":"University of Maryland, Baltimore County","ror":"https://ror.org/02qskvh78","country_code":"US","type":"education","lineage":["https://openalex.org/I79272384"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Stephen H. Holden","raw_affiliation_strings":["UMBC, Baltimore, MD","UMBC, Baltimore MD#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UMBC, Baltimore, MD","institution_ids":["https://openalex.org/I79272384"]},{"raw_affiliation_string":"UMBC, Baltimore MD#TAB#","institution_ids":["https://openalex.org/I79272384"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5006773419"],"corresponding_institution_ids":["https://openalex.org/I79272384"],"apc_list":null,"apc_paid":null,"fwci":23.3013,"has_fulltext":false,"cited_by_count":286,"citation_normalized_percentile":{"value":0.99291583,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"56","last_page":"56"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10803","display_name":"Innovative Human-Technology Interaction","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1709","display_name":"Human-Computer Interaction"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9868999719619751,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9404697418212891},{"id":"https://openalex.org/keywords/alphanumeric","display_name":"Alphanumeric","score":0.9319764375686646},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7136799097061157},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.6980336308479309},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.6956288814544678},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.650905966758728},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5603097677230835},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5581952929496765},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.504534125328064},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.4584767818450928},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.4410950243473053},{"id":"https://openalex.org/keywords/dictionary-attack","display_name":"Dictionary attack","score":0.42859724164009094},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3917669951915741},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.3063219487667084},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.1924133598804474}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9404697418212891},{"id":"https://openalex.org/C2781003394","wikidata":"https://www.wikidata.org/wiki/Q737372","display_name":"Alphanumeric","level":2,"score":0.9319764375686646},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7136799097061157},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.6980336308479309},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.6956288814544678},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.650905966758728},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5603097677230835},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5581952929496765},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.504534125328064},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.4584767818450928},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.4410950243473053},{"id":"https://openalex.org/C113328881","wikidata":"https://www.wikidata.org/wiki/Q599809","display_name":"Dictionary attack","level":3,"score":0.42859724164009094},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3917669951915741},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.3063219487667084},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.1924133598804474},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/1143120.1143128","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1143120.1143128","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the second symposium on Usable privacy and security  - SOUPS '06","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.120.1341","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.120.1341","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://cups.cs.cmu.edu/soups/2006/proceedings/p56_tari.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W60907133","https://openalex.org/W128619364","https://openalex.org/W1485033854","https://openalex.org/W1485200701","https://openalex.org/W1498728415","https://openalex.org/W1503108337","https://openalex.org/W1511039991","https://openalex.org/W1515542209","https://openalex.org/W1560225191","https://openalex.org/W1582830784","https://openalex.org/W1921097329","https://openalex.org/W1969385422","https://openalex.org/W1971006483","https://openalex.org/W1973703055","https://openalex.org/W1983629106","https://openalex.org/W1984314602","https://openalex.org/W1987209163","https://openalex.org/W2025448348","https://openalex.org/W2037202491","https://openalex.org/W2042037908","https://openalex.org/W2042059698","https://openalex.org/W2047917391","https://openalex.org/W2058219110","https://openalex.org/W2078483465","https://openalex.org/W2085592842","https://openalex.org/W2100783932","https://openalex.org/W2104861707","https://openalex.org/W2111303254","https://openalex.org/W2111678510","https://openalex.org/W2115218409","https://openalex.org/W2115689562","https://openalex.org/W2139693359","https://openalex.org/W2149310201","https://openalex.org/W2189515241","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W1982158666","https://openalex.org/W3131491961","https://openalex.org/W4319158737","https://openalex.org/W2563449137","https://openalex.org/W4239831152","https://openalex.org/W2097945858","https://openalex.org/W2159224061","https://openalex.org/W3174201280","https://openalex.org/W4321600778","https://openalex.org/W2804831377"],"abstract_inverted_index":{"Previous":[0],"research":[1],"has":[2],"found":[3,273],"graphical":[4,36,62,82,102],"passwords":[5,37,85,276],"to":[6,31,38,42,68,86,95,106,119,121,150,175,221,238,267],"be":[7,43,264],"more":[8,279],"memorable":[9],"than":[10],"non-dictionary":[11,107],"or":[12],"\"strong\"":[13],"alphanumeric":[14,84],"passwords.":[15,110,138],"Participants":[16],"in":[17,26,186,204,213,240],"a":[18,101,231,241],"prior":[19],"study":[20,153,180,198,254],"expressed":[21],"concerns":[22],"that":[23,224,251,257,274],"this":[24],"increase":[25],"memorability":[27,65],"could":[28],"also":[29,178],"lead":[30],"an":[32],"increased":[33,64],"susceptibility":[34],"of":[35,47,70,81,97,100,127,144,162,169,171,189,216],"shoulder-surfing.":[39,71],"This":[40,58],"appears":[41],"yet":[44],"another":[45],"example":[46],"the":[48,79,90,124,142,145,157,166,172,190,195,214,217,234,245,270],"classic":[49],"trade-off":[50],"between":[51,197],"usability":[52],"and":[53,92,108,134,136,152,177,183,201,206,244],"security":[54],"for":[55,228],"authentication":[56,147,219],"systems.":[57],"paper":[59,88],"explores":[60],"whether":[61,208],"passwords'":[63],"necessarily":[66],"leads":[67],"risks":[69],"To":[72],"date,":[73],"there":[74,209],"are":[75],"no":[76],"studies":[77],"examining":[78],"vulnerability":[80,94,143,168,215],"versus":[83,130],"shoulder-surfing.This":[87],"examines":[89],"real":[91,182,200],"perceived":[93,184,202],"shoulder-surfing":[96,151,176,187,205,239,268],"two":[98,125],"configurations":[99,126,149,174,220],"password,":[103],"Passfaces\u2122[30],":[104],"compared":[105,165,179],"dictionary":[109],"A":[111],"laboratory":[112,242],"experiment":[113],"with":[114,250,259],"20":[115],"participants":[116,255],"asked":[117],"them":[118],"try":[120],"shoulder":[122],"surf":[123],"Passfaces\u2122":[128,229,258],"(mouse":[129],"keyboard":[131,232],"data":[132,164,226,261],"entry)":[133],"strong":[135,275],"weak":[137],"Data":[139],"gathered":[140],"included":[141],"four":[146,173,218],"system":[148],"participants'":[154,181,199,246],"perceptions":[155,247],"concerning":[156],"same":[158],"vulnerability.":[159],"An":[160],"analysis":[161,193],"these":[163],"relative":[167],"each":[170,188],"success":[185,203],"configurations.":[191],"Further":[192],"examined":[194],"relationship":[196],"determined":[207],"were":[210,248,277],"significant":[211],"differences":[212],"shoulder-surfing.Findings":[222],"indicate":[223],"configuring":[225],"entry":[227,262],"through":[230],"is":[233],"most":[235,265],"effective":[236],"deterrent":[237],"setting":[243],"consistent":[249],"result.":[252],"While":[253],"believed":[256],"mouse":[260],"would":[263],"vulnerable":[266],"attacks,":[269],"empirical":[271],"results":[272],"actually":[278],"vulnerable.":[280]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":23},{"year":2018,"cited_by_count":23},{"year":2017,"cited_by_count":15},{"year":2016,"cited_by_count":26},{"year":2015,"cited_by_count":22},{"year":2014,"cited_by_count":28},{"year":2013,"cited_by_count":22},{"year":2012,"cited_by_count":11}],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}