ColorSnakes: Using Colored Decoys to Secure Authentication in Sensitive Contexts

ColorSnakes is an authentication mechanism based solely on software modification that provides protection against shoulder surfing and, to some degree, against video attacks. A ColorSnakes PIN consists of a starting colored digit followed by four consecutive digits. From the starting colored digit, users indirectly draw a path (the selection path) consisting of their PIN. The input path can be drawn anywhere on the grid. While the user is entering their PIN, differently colored decoy paths are generated simultaneously from other starting colored digits, imitating the selection path in order to disguise the input. The underlying grid of numbers is randomly regenerated after each successful input to counter smudge attacks. We argue that ColorSnakes could be used as an additional authentication mechanism alongside current mechanisms, giving the user the choice of switching to ColorSnakes for certain applications or when an observer is present.
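The following sketch models the indirect input described above. It is an added example, not code from the paper or its authors: it replays a gesture drawn anywhere on the grid from the cell showing the PIN's colored start digit, and lists every PIN a recorded gesture alone is consistent with. The grid size, color palette, single-cell `(row, column)` moves, and all function names are assumptions.

```python
import random

COLORS = ["red", "green", "blue", "yellow"]  # assumed palette
SIZE = 6                                     # assumed grid size

def random_grid(rng=random.SystemRandom()):
    """Fresh grid of (color, digit) cells, drawn after each successful input."""
    return [[(rng.choice(COLORS), rng.randrange(10)) for _ in range(SIZE)]
            for _ in range(SIZE)]

def sample_grid():
    """Constructed, deterministic grid so the demo below is reproducible."""
    return [[(COLORS[(r + c) % 4], (r * SIZE + c) % 10) for c in range(SIZE)]
            for r in range(SIZE)]

def trace(grid, start, moves):
    """Digits visited when the relative moves are replayed from `start`;
    None if the path would leave the grid."""
    r, c = start
    digits = []
    for dr, dc in moves:
        r, c = r + dr, c + dc
        if not (0 <= r < SIZE and 0 <= c < SIZE):
            return None
        digits.append(grid[r][c][1])
    return digits

def candidates(grid, moves):
    """What a recorded gesture is consistent with in this model:
    one possible PIN per start cell the path fits from."""
    out = {}
    for r in range(SIZE):
        for c in range(SIZE):
            tail = trace(grid, (r, c), moves)
            if tail is not None:
                out[(r, c)] = (grid[r][c], tail)
    return out

def verify(grid, pin, moves):
    """pin = ((color, digit), [d1, d2, d3, d4]); accept if the gesture, replayed
    from a cell showing the PIN's colored start digit, visits the four digits."""
    return pin in candidates(grid, moves).values()

if __name__ == "__main__":
    grid, gesture = sample_grid(), [(0, 1), (1, 0), (0, 1), (1, 0)]
    pin = (("blue", 7), [8, 4, 5, 1])  # constructed PIN for the sample grid
    print(verify(grid, pin, gesture), len(candidates(grid, gesture)))
```

On the constructed grid the gesture fits from 16 start cells, so seeing the gesture without knowing the colored start digit leaves 16 candidate PINs in this model.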


Jan Gugenheimer

Dennis Wolf

Enrico Rukzio


Gugenheimer, Jan; De Luca, Alexander; Hess, Hayato; Karg, Stefan; Wolf, Dennis; Rukzio, Enrico. ColorSnakes: Using Colored Decoys to Secure Authentication in Sensitive Contexts. In Proc. of MobileHCI 2015 (17th International Conference on Human-Computer Interaction with Mobile Devices and Services), 2015.

DOI: 10.1145/2785830.2785834