On Overcoming the Identified Limitations of a Usable PIN Entry Method

In the domain of password security, research has made significant progress in handling different kinds of threats which require human intelligence factor to fix the vulnerabilities. In spite of having strong theoretical establishments, most of these defense mechanisms cannot be used in practice as h...

Bibliographic Details
Main Authors: Nilesh Chakraborty, Jianqiang Li, Samrat Mondal, Fei Chen, Yi Pan
Format: Article
Language: English
Published: IEEE 2019-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/8817967/
collection DOAJ
description In the domain of password security, research has made significant progress in handling different kinds of threats which require human intelligence factor to fix the vulnerabilities. In spite of having strong theoretical establishments, most of these defense mechanisms cannot be used in practice as humans have limitations in processing complex information. The little bit of good news is that very few research proposals in this field have shown the promises to be deployable in practice. This paper focuses on such one method - proposed by Roth et al. back in 2004, which provides adequate user-friendliness to enter Personal Identification Number (PIN) securely in the presence of human shoulder surfers. Surprisingly, the background algorithm of this method for validating users' responses runs in linear time on a search space of cardinality 5 and hence, the validation process does not put much load on the authenticating device. Therefore, such human identification protocol can also be integrated into the IoT infrastructure for conducting a more secured login from the client-side. Having such advantages, though remained secure for almost ten years after its release in 2004, recently, few proposals revealed some serious vulnerable aspects of the Roth et al.'s proposal. In this paper, we have taken an attempt to save this user-friendly form of authentication. Firstly, we have made a critical discussion on the importance of the targeted PIN entry method in the domain of usable security and then given a brief overview of the identified limitations of this protocol. Followed by this, a few initiatives have been taken to fix the identified vulnerabilities of Roth et al.'s proposal by revising its working principle, while the login procedure and the usability standard of this method stay unaffected.
institution Directory Open Access Journal
issn 2169-3536
doi 10.1109/ACCESS.2019.2937948
volume 7
pages 124366-124378
author_affiliations Nilesh Chakraborty (https://orcid.org/0000-0002-3825-8838): College of Computer Science and Software Engineering, Shenzhen University, Shenzhen, China
Jianqiang Li: College of Computer Science and Software Engineering, Shenzhen University, Shenzhen, China
Samrat Mondal: Department of Computer Science and Engineering, IIT Patna, Patna, India
Fei Chen (https://orcid.org/0000-0001-8132-539X): College of Computer Science and Software Engineering, Shenzhen University, Shenzhen, China
Yi Pan: Department of Computer Science, Georgia State University, Atlanta, GA, USA
topic Authentication
PIN
observation-attack
key-logger-attack
defense
human-intelligence-factor