From Finger Tapping to Thumb Strokes: An Accessible and Effective Approach to Shoulder Surfing Resistant Mobile User Authentication
Speaker (s):
Dongsong Zhang
Professor,
Belk Distinguished Professor
University of North Carolina at Charlotte
| Date: Time: Venue: | | 26 January 2026, Monday 3:00pm – 4:00pm School of Computing &
Information Systems 2 (SCIS 2)
Level 4, Meeting Room 4-1
Singapore Management University
90 Stamford Road
Singapore 178903 Please register by 23 January 2026. We look forward to seeing you at this research seminar.  | | | | |
|
About the Talk
The pervasive use of mobile devices in public venues exposes users to an elevated risk of shoulder-surfing attacks. Despite the prior work on shoulder-surfing resistance of mobile user authentication methods, there is a lack of empirical studies on textual password authentication methods, particularly the hybrid passwords that integrate textual passwords with biometrics. This research investigates two hybrid password methods, touch-gesture- and keystroke-based passwords, with respect to their shoulder-surfing resistance performance. To gain a holistic understanding of these password authentication methods, we examine them under a variety of shoulder-surfing settings by varying interaction mode, observation angle, entry error, and observation effort. The results of both a controlled lab experiment and an online experiment demonstrate the superior performance of the touch-gesture-based password method to the keystroke-based counterpart. The results also provide evidence for the effects of interaction mode, observation angle, and observation effort on shoulder-surfing resistance of hybrid passwords. Our findings offer suggestions for the design and strategies for strengthening the security of password authentication methods.
About the Speaker
Dr. Dongsong Zhang is a Belk Endowed Chair Professor in Business Analytics (with tenure) at the Belk College of Business, the University of North Carolina at Charlotte (UNC Charlotte). He also serves as the Executive Director of the School of Data Science at UNC Charlotte. His research interests include online fraud/misinformation detection, HCI, social media analytics, AI-based health IT, and online communities. He has published about 200 research articles in journals and conference proceedings, such as MIS Quarterly, Information Systems Research, Journal of Management Information Systems, INFORMS Journal on Computing, Production and Operations Management, IEEE Transactions on Knowledge and Data Engineering, IEEE Transactions on Software Engineering, IEEE Transactions on Human-Machine Systems, IEEE Transactions on Multimedia, IEEE Transactions on Systems, Man, and Cybernetics, IEEE Transactions on Professional Communication, IEEE Intelligent Systems, ACM Transactions on Accessible Computing, ACM Transactions on Management Information Systems, and Communications of the ACM, etc. He has received external research grants and awards from U.S. National Science Foundation (NSF), National Institute of Health (NIH), U.S. Department of Education, Centers for Disease Control and Prevention (CDC), Google Inc., as well as National Natural Science Foundation of China. According to Google Scholar, his research has been cited more than 17,000 times. He received his Ph.D. in Management Information Systems from the Eller School of Management at the University of Arizona.
