Department of Computer System and Technology, Faculty of Computer Science and Information Technology, Universiti Malaya, Kuala Lumpur, Malaysia
M. L. Mat Kiah
Department of Computer System and Technology, Faculty of Computer Science and Information Technology, Universiti Malaya, Kuala Lumpur, Malaysia
A. A. Zaidan
SP Jain School of Global Management, Sydney, NSW, Australia
Muhammad Imam
Department of Computer Engineering, Interdisciplinary Research Center for Intelligent Secure Systems, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia
The regular PIN-entry method has been still the most common method of authentication for systems and networks. However, PINs are easy to be captured through various attacks, including shoulder-surfing, video-recording, and spyware. This could be attributed to the involuntary nature of entering the original PIN during authentication. In this paper, we employ an indirect input method that utilizes the addition mod 10 and a mini-challenge keypad in order to produce a one-time PIN (OTP) that obscures the original PIN. The results of our user study manifest that the proposed PIN-entry method provides better security than the existing PIN-entry methods while maintaining an acceptable level of usability. Moreover, the user feedback fully support the use of the proposed PIN-entry method in critical-security situations.