Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study

Farzand, H., Marky, K. and Khamis, M. (2022) Shoulder Surfing through the Social Lens: A Longitudinal Investigation & Insights from an Exploratory Diary Study. In: European Symposium on Usable Security (EuroUSEC 2022), Karlsruhe, Germany, 29-30 September 2022, pp. 85-97. ISBN 9781450397001 (doi: 10.1145/3549015.3554211)

[img] Text
276959.pdf - Accepted Version
Available under License Creative Commons Attribution.



Shoulder surfing is a prevailing threat when accessing information on personal devices like smartphones. Adequate mitigation requires studying shoulder surfing occurrences in people’s daily lives. In this paper, we confirm and extend previous research findings on shoulder surfing occurrences using a new method; a one-month diary study (N=23). Our results provide evidence of shoulder surfing in public and private environments. Content-based shoulder surfing happens more frequently than authentication-based shoulder surfing. Participants experienced shoulder surfing at least twice during the study period and considered the closeness of relationships with the shoulder surfers when deciding how to respond to shoulder surfing incidents. Participants preferred unobtrusive alerting mechanisms over mitigation mechanisms for protection against shoulder surfing. Our work advocates moving away from one-size-fits-all privacy solutions and supports the design of user-centred shoulder surfing mitigation methods that consider social aspects. We conclude with directions for future research to assist security researchers and practitioners.

Item Type:Conference Proceedings
Glasgow Author(s) Enlighten ID:Marky, Dr Karola and Khamis, Dr Mohamed and Farzand, Ms Habiba
Authors: Farzand, H., Marky, K., and Khamis, M.
College/School:College of Science and Engineering > School of Computing Science
Published Online:29 September 2022
Copyright Holders:Copyright © 2022 The Authors
Publisher Policy:Reproduced in accordance with the copyright policy of the publisher
Related URLs:

University Staff: Request a correction | Enlighten Editors: Update this record

Project CodeAward NoProject NamePrincipal InvestigatorFunder's NameFunder RefLead Dept
310627TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal ImagingMohamed KhamisEngineering and Physical Sciences Research Council (EPSRC)EP/V008870/1Computing Science