Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study

Habiba Farzand; Karola Marky; Mohamed Khamis

doi:10.1145/3549015.3554211

Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study

Habiba Farzand^*, Karola Marky^*, Mohamed Khamis^*

^*Corresponding author for this work

Empirical Information Security Section

University of Glasgow

Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review

Abstract

Shoulder surfing is a prevailing threat when accessing information on personal devices like smartphones. Adequate mitigation requires studying shoulder surfing occurrences in people's daily lives. In this paper, we confirm and extend previous research findings on shoulder surfing occurrences using a new method; a one-month diary study (N=23). Our results provide evidence of shoulder surfing in public and private environments. Content-based shoulder surfing happens more frequently than authentication-based shoulder surfing. Participants experienced shoulder surfing at least twice during the study period and considered the closeness of relationships with the shoulder surfers when deciding how to respond to shoulder surfing incidents. Participants preferred unobtrusive alerting mechanisms over mitigation mechanisms for protection against shoulder surfing. Our work advocates moving away from one-size-fits-all privacy solutions and supports the design of user-centred shoulder surfing mitigation methods that consider social aspects. We conclude with directions for future research to assist security researchers and practitioners.

Original language	English
Title of host publication	Proceedings - EuroUSEC 2022
Subtitle of host publication	2022 European Symposium on Usable Security, EuroUSEC 2022
Publisher	Association for Computing Machinery (ACM)
Pages	85-97
Number of pages	13
ISBN (Electronic)	9781450397001
DOIs	https://doi.org/10.1145/3549015.3554211
Publication status	Published - 29 Sept 2022
Event	2nd European Symposium on Usable Security, EuroUSEC 2022 - Karlsruhe, Germany Duration: 29 Sept 2022 → 30 Sept 2022

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	2nd European Symposium on Usable Security, EuroUSEC 2022
Country/Territory	Germany
City	Karlsruhe
Period	29 Sept 2022 → 30 Sept 2022

Keywords

privacy
security
shoulder surfing

ASJC Scopus subject areas

Human-Computer Interaction
Computer Networks and Communications
Computer Vision and Pattern Recognition
Software

Access to Document

10.1145/3549015.3554211

https://eprints.gla.ac.uk/276959/3/276959.pdfLicence: Other

Cite this

Farzand, H., Marky, K., & Khamis, M. (2022). Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study. In Proceedings - EuroUSEC 2022: 2022 European Symposium on Usable Security, EuroUSEC 2022 (pp. 85-97). (ACM International Conference Proceeding Series). Association for Computing Machinery (ACM). https://doi.org/10.1145/3549015.3554211

@inproceedings{f79a801c3b8d4af59e14b7d8cffcba38,

title = "Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study",

abstract = "Shoulder surfing is a prevailing threat when accessing information on personal devices like smartphones. Adequate mitigation requires studying shoulder surfing occurrences in people's daily lives. In this paper, we confirm and extend previous research findings on shoulder surfing occurrences using a new method; a one-month diary study (N=23). Our results provide evidence of shoulder surfing in public and private environments. Content-based shoulder surfing happens more frequently than authentication-based shoulder surfing. Participants experienced shoulder surfing at least twice during the study period and considered the closeness of relationships with the shoulder surfers when deciding how to respond to shoulder surfing incidents. Participants preferred unobtrusive alerting mechanisms over mitigation mechanisms for protection against shoulder surfing. Our work advocates moving away from one-size-fits-all privacy solutions and supports the design of user-centred shoulder surfing mitigation methods that consider social aspects. We conclude with directions for future research to assist security researchers and practitioners.",

keywords = "privacy, security, shoulder surfing",

author = "Habiba Farzand and Karola Marky and Mohamed Khamis",

note = "Funding Information: This publication was supported by an Excellence Bursary Award by the University of Glasgow, by an EPSRC New Investigator Award (grant number EP/V008870/1), and by the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which is also funded by the UK EPSRC under grant number EP/S035362/1. Figure 1 was created using Canva [7] under Free Content License.; 2nd European Symposium on Usable Security, EuroUSEC 2022 ; Conference date: 29-09-2022 Through 30-09-2022",

year = "2022",

month = sep,

day = "29",

doi = "10.1145/3549015.3554211",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery (ACM)",

pages = "85--97",

booktitle = "Proceedings - EuroUSEC 2022",

address = "United States",

}

Farzand, H, Marky, K & Khamis, M 2022, Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study. in Proceedings - EuroUSEC 2022: 2022 European Symposium on Usable Security, EuroUSEC 2022. ACM International Conference Proceeding Series, Association for Computing Machinery (ACM), pp. 85-97, 2nd European Symposium on Usable Security, EuroUSEC 2022, Karlsruhe, Germany, 29 Sept 2022. https://doi.org/10.1145/3549015.3554211

Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study. / Farzand, Habiba; Marky, Karola; Khamis, Mohamed.
Proceedings - EuroUSEC 2022: 2022 European Symposium on Usable Security, EuroUSEC 2022. Association for Computing Machinery (ACM), 2022. p. 85-97 (ACM International Conference Proceeding Series).

Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review

TY - GEN

T1 - Shoulder Surfing through the Social Lens

T2 - 2nd European Symposium on Usable Security, EuroUSEC 2022

AU - Farzand, Habiba

AU - Marky, Karola

AU - Khamis, Mohamed

N1 - Funding Information: This publication was supported by an Excellence Bursary Award by the University of Glasgow, by an EPSRC New Investigator Award (grant number EP/V008870/1), and by the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which is also funded by the UK EPSRC under grant number EP/S035362/1. Figure 1 was created using Canva [7] under Free Content License.

PY - 2022/9/29

Y1 - 2022/9/29

N2 - Shoulder surfing is a prevailing threat when accessing information on personal devices like smartphones. Adequate mitigation requires studying shoulder surfing occurrences in people's daily lives. In this paper, we confirm and extend previous research findings on shoulder surfing occurrences using a new method; a one-month diary study (N=23). Our results provide evidence of shoulder surfing in public and private environments. Content-based shoulder surfing happens more frequently than authentication-based shoulder surfing. Participants experienced shoulder surfing at least twice during the study period and considered the closeness of relationships with the shoulder surfers when deciding how to respond to shoulder surfing incidents. Participants preferred unobtrusive alerting mechanisms over mitigation mechanisms for protection against shoulder surfing. Our work advocates moving away from one-size-fits-all privacy solutions and supports the design of user-centred shoulder surfing mitigation methods that consider social aspects. We conclude with directions for future research to assist security researchers and practitioners.

AB - Shoulder surfing is a prevailing threat when accessing information on personal devices like smartphones. Adequate mitigation requires studying shoulder surfing occurrences in people's daily lives. In this paper, we confirm and extend previous research findings on shoulder surfing occurrences using a new method; a one-month diary study (N=23). Our results provide evidence of shoulder surfing in public and private environments. Content-based shoulder surfing happens more frequently than authentication-based shoulder surfing. Participants experienced shoulder surfing at least twice during the study period and considered the closeness of relationships with the shoulder surfers when deciding how to respond to shoulder surfing incidents. Participants preferred unobtrusive alerting mechanisms over mitigation mechanisms for protection against shoulder surfing. Our work advocates moving away from one-size-fits-all privacy solutions and supports the design of user-centred shoulder surfing mitigation methods that consider social aspects. We conclude with directions for future research to assist security researchers and practitioners.

KW - privacy

KW - security

KW - shoulder surfing

UR - http://www.scopus.com/inward/record.url?scp=85138487959&partnerID=8YFLogxK

U2 - 10.1145/3549015.3554211

DO - 10.1145/3549015.3554211

M3 - Conference contribution

AN - SCOPUS:85138487959

T3 - ACM International Conference Proceeding Series

SP - 85

EP - 97

BT - Proceedings - EuroUSEC 2022

PB - Association for Computing Machinery (ACM)

Y2 - 29 September 2022 through 30 September 2022

ER -

Farzand H, Marky K, Khamis M. Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study. In Proceedings - EuroUSEC 2022: 2022 European Symposium on Usable Security, EuroUSEC 2022. Association for Computing Machinery (ACM). 2022. p. 85-97. (ACM International Conference Proceeding Series). doi: 10.1145/3549015.3554211

Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Cite this