ColorSnakes: Using Colored Decoys to Secure Authentication in Sensitive Contexts
ColorSnakes is an authentication mechanism that requires only software modification and provides protection against shoulder surfing and, to some degree, against video attacks. A ColorSnakes PIN consists of a starting colored digit followed by four consecutive digits. From the starting colored digit, users indirectly draw a path (the selection path) consisting of their PIN. The input path can be drawn anywhere on the grid. As the user inputs their PIN, differently colored decoy paths are generated simultaneously from other starting colored digits, imitating the selection path in order to disguise the input. The underlying grid of numbers is randomly generated after each successful input to counter smudge attacks. We argue that ColorSnakes could be used as an additional authentication mechanism alongside current mechanisms, thus giving the user the choice of switching to ColorSnakes for certain applications or when an observer is present.
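The following simplified model is an added example, not code from the paper or its authors. It shows why an observer who records the gesture shape still sees one equally plausible PIN per colored snake. The 6x6 wrap-around grid, one start cell per color, the unit-move gesture encoding and all function names are assumptions of this sketch.

```python
import random

# Assumptions of this sketch (not taken from the paper): a 6x6 wrap-around
# grid, one starting cell per color, and gestures encoded as unit moves.
SIZE = 6
COLORS = ["red", "green", "blue", "yellow", "purple"]
MOVES = {"U": (-1, 0), "D": (1, 0), "L": (0, -1), "R": (0, 1)}

def walk(start, gesture):
    """Cells visited when the gesture shape is replayed from `start`."""
    r, c = start
    cells = []
    for m in gesture:
        dr, dc = MOVES[m]
        r, c = (r + dr) % SIZE, (c + dc) % SIZE
        cells.append((r, c))
    return cells

def new_challenge(pin, rng):
    """Fresh random grid; returns it with the gesture the user would draw."""
    color, start_digit, tail = pin
    every = [(r, c) for r in range(SIZE) for c in range(SIZE)]
    while True:
        grid = [[rng.randrange(10) for _ in range(SIZE)] for _ in range(SIZE)]
        starts = dict(zip(COLORS, rng.sample(every, len(COLORS))))
        gesture = [rng.choice("UDLR") for _ in tail]
        path = walk(starts[color], gesture)
        # Retry if the planted path revisits a cell or crosses a start cell.
        if len(set(path)) == len(path) and not set(path) & set(starts.values()):
            break
    r, c = starts[color]
    grid[r][c] = start_digit
    for (r, c), d in zip(path, tail):
        grid[r][c] = d  # plant the PIN so a valid selection path exists
    return grid, starts, gesture

def candidates(grid, starts, gesture):
    """Every PIN consistent with the observed gesture: one per colored snake."""
    out = []
    for color, (r, c) in starts.items():
        tail = tuple(grid[y][x] for y, x in walk((r, c), gesture))
        out.append((color, grid[r][c], tail))
    return out

def verify(pin, grid, starts, gesture):
    """Verifier side: only the snake of the PIN's own color is checked."""
    return pin in candidates(grid, starts, gesture)
```

Calling `new_challenge` again after a successful login produces a new grid and therefore a different gesture for the same PIN, which is the property the abstract relies on against smudge attacks.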