Information security is an area that IS researchers can and should contribute to (Zafar and Clark 2009), including password related research (Kreider 2018; Kreider and Rao 2010). One common attack against password entry, the shoulder surfing attack, occurs when an attacker unknowingly observes a user while entering their password (Tari et al. 2006), which has been shown to be a feasible attack using the Microsoft Hololens augmented reality wearable. While the attack was shown to be feasible, no countermeasures were explored. This paper will explore potential countermeasure to the shoulder surfing attack presented by Kreider (2018). The countermeasures will be explored both from an efficacy perspective, as well as a usability perspective. While other studies exploring this phenomena focus on the importance of discreet input, such as a haptic sensor (Roesner et al. 2014) and gesture control armbands utilizing electromyography (Zhang et al. 2017), our study will explore mechanisms not requiring discreetness.
Kreider, Christopher, "An Exploration of Countermeasures for Augmented Reality Shoulder Surfing Attacks" (2019). SAIS 2019 Proceedings. 13.