Two-Thumbs-Up: Physical protection for PIN entry secure against recording attacks

Dae Hun Nyang, Hyoungshick Kim, Woojoo Lee, Sung bae Kang, Geumhwan Cho, Mun Kyu Lee, Aziz Mohaisen

Research output: Contribution to journalArticlepeer-review

24 Scopus citations


We present a new Personal Identification Number (PIN) entry method for smartphones that can be used in security-critical applications, such as smartphone banking. The proposed “Two-Thumbs-Up” (TTU) scheme is resilient against observation attacks such as shoulder-surfing and camera recording, and guides users to protect their PIN information from eavesdropping by shielding the challenge area on the touch screen. To demonstrate the feasibility of TTU, we conducted a user study for TTU, and compared it with existing authentication methods (Normal PIN, Black and White PIN, and ColorPIN) in terms of usability and security. The study results demonstrate that TTU is more secure than other PIN entry methods in the presence of an observer recording multiple authentication sessions.

Original languageEnglish
Pages (from-to)1-15
Number of pages15
JournalComputers and Security
StatePublished - Sep 2018

Bibliographical note

Publisher Copyright:
© 2018


  • Authentication
  • Personal Identification Number (PIN)
  • Physical shielding
  • Recording attack
  • Smartphone
  • User studies


Dive into the research topics of 'Two-Thumbs-Up: Physical protection for PIN entry secure against recording attacks'. Together they form a unique fingerprint.

Cite this