Browse Prior Art Database

System and Method of Password Entry Using Two Thumbs

IP.com Disclosure Number: IPCOM000131902D
Publication Date: 2005-Nov-21
Document File: 2 page(s) / 57K

Publishing Venue

The IP.com Prior Art Database

Abstract

The existing device-password-entering model for the handhelds, specially those with reduced keypad mobile handheld makes it easy for “shoulder surfing” – standing or sitting b besides or behind a person to detect the password as the owner enters it. For the reduced keypad handhelds, even though the password digits are shown for a short period of time, they are still visible and detectable by others. When the user uses only one thumb/finger for typing the password, it is even easier to discover the password by following one thumb/finger (perhaps by remotely filming the user). These effects are more apparent in lecture halls where each chair is mounted on a higher level than the chair in front of it. So any user has 3 or 4 persons behind him/her that are very easily capable of discovering the password as it is typed in. As we plan to force the users to type in the password after 30 minutes of no activity, we, simultaneously, force careless users to unveil their passwords (especially in places like those lecture halls mentioned above). What makes this even scarier is that some users choose to use a common or similar password for their handheld as their credit card password, etc. For devices like smart-card readers, where the user needs to pair his handheld with the smart-card reader for security reasons, it is very important to make sure that no one can discover the device password as it is typed in. A Two-Thumb-Password-Entry model can address the problems mentioned. The main goal for this method is to avoid showing the password digits on the LCD (even for a short period of time as it is today), and to force the user to use two thumbs/fingers as he/she enters the password. These two goals make it difficult for even a shoulder surfer to discover the password as the owner enters it. Two-Thumb Password Entry may be defined as follows: The user holds one thumb on the Space key, and then presses a second key with the second thumb. If the Space key is pressed simultaneously with a second key, the character shown on the right side of the second key is chosen (e.g. for QW key, W is chosen). If the Space key is not pressed in, the character on the left is chosen (e.g. for QW key, Q is chosen). As characters are typed in, only stars are shown on the LCD. The reason for choosing the Space key and not the Shift or Cap key is that the Space key is in the middle. So the user (whether right-handed or left-handed) mostly covers the thumb on the space bar with another thumb/finger that types in the password. The other reason is that the functionalities of the Shift and Cap key are needed for the password typing. The advantage of this method compared to the multi-tapping and predictive input method is that a shoulder surfer has more difficulties in following two thumbs in the same time because:

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

TWO-THUMB PASSWORD ENTRY

System and Method of Password Entry Using Two Thumbs

Disclosed Anonymously

The existing device-password-entering model for the handhelds, specially those with reduced keypad mobile handheld makes it easy for “shoulder surfing” – standing or sitting b besides or behind a person to detect the password as the owner enters it.  For the reduced keypad handhelds, even though the password digits are shown for a short period of time, they are still visible and detectable by others.

When the user uses only one thumb/finger for typing the password, it is even easier to discover the password by following one thumb/finger (perhaps by remotely filming the user).  These effects are more apparent in lecture halls where each chair is mounted on a higher level than the chair in front of it. So any user has 3 or 4 persons behind him/her that are very easily capable of discovering the password as it is typed in.

As we plan to force the users to type in the password after 30 minutes of no activity, we, simultaneously, force careless users to unveil their passwords (especially in places like those lecture halls mentioned above).  What makes this even scarier is that some users choose to use a common or similar password for their handheld as their credit card password, etc.

For devices like smart-card readers, where the user needs to pair his handheld with the smart-card reader for security reasons, it is very important to make sure that no one can discover the device password as it is typed in.

A Two-Thumb-Password-Entry model can address the problems mentioned. The main goal for this method is to avoid showing the password digits on the LCD (even for a short period of time as it is today), and to force the user to use two thumbs/fingers as he/she enters the password. These two goals make it difficult for even a shoulder surfer to discover the password as the owner enters i...