{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T01:45:27Z","timestamp":1760233527086,"version":"build-2065373602"},"reference-count":25,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2021,1,13]],"date-time":"2021-01-13T00:00:00Z","timestamp":1610496000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["Nos. 61872181."],"award-info":[{"award-number":["Nos. 61872181."]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Access management of IoT devices is extremely important, and a secure login authentication scheme can effectively protect users\u2019 privacy. However, traditional authentication schemes are threatened by shoulder-surfing attacks, and biometric-based schemes, such as fingerprint recognition and face recognition, that are commonly used today can also be cracked. Researchers have proposed some schemes for current attacks, but they are limited by usability. For example, the login authentication process requires additional device support. This method solves the problem of attacks, but it is unusable, which limits its application. At present, most authentication schemes for the Internet of Things and mobile platforms either focus on security, thus ignoring availability, or have excellent convenience but insufficient security. This is a symmetry problem worth exploring. Therefore, users need a new type of login authentication scheme that can balance security and usability to protect users\u2019 private data or maintain device security. In this paper, we propose a login authentication scheme named PinWheel, which combines a textual password, a graphical password, and biometrics to prevent both shoulder-surfing attacks and smudge attacks and solves the current schemes\u2019 lack of usability. We implemented PinWheel and evaluated it from the perspective of security and usability. The experiments required 262 days, and 573 subjects participated in our investigation. The evaluation results show that PinWheel can at least effectively resist both mainstream attacks and is superior to most existing schemes in terms of usability.<\/jats:p>","DOI":"10.3390\/sym13010125","type":"journal-article","created":{"date-parts":[[2021,1,13]],"date-time":"2021-01-13T21:50:54Z","timestamp":1610574654000},"page":"125","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["An Efficient Login Authentication System against Multiple Attacks in Mobile Devices"],"prefix":"10.3390","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0489-2742","authenticated-orcid":false,"given":"Yang","family":"Li","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, NO. 29 Yudao Street, Nanjing 210016, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3473-6943","authenticated-orcid":false,"given":"Xinyu","family":"Yun","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, NO. 29 Yudao Street, Nanjing 210016, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1420-2047","authenticated-orcid":false,"given":"Liming","family":"Fang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, NO. 29 Yudao Street, Nanjing 210016, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2629-7220","authenticated-orcid":false,"given":"Chunpeng","family":"Ge","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, NO. 29 Yudao Street, Nanjing 210016, China"},{"name":"State Key Laboratory of Cryptology, P.O. Box 5159, Beijing 100878, China"},{"name":"Science and Technology on Parallel and Distributed Processing Laboratory (PDL), Changsha 410003, China"}]}],"member":"1968","published-online":{"date-parts":[[2021,1,13]]},"reference":[{"key":"ref_1","first-page":"616","article-title":"Providing a Secure Hybrid Method for Graphical Password Authentication to Prevent Shoulder Surfing, Smudge and Brute Force Attack","volume":"13","author":"Sepideh","year":"2019","journal-title":"Int. J. Comput. Inf. Eng."},{"key":"ref_2","unstructured":"Harbach, M., Von Zezschwitz, E., Fichtner, A., De Luca, A., and Smith, M. (2014, January 9\u201311). It\u2019sa hard lock life: A field study of smartphone (un) locking behavior and risk perception. Proceedings of the 10th Symposium On Usable Privacy and Security ({SOUPS} 2014), Menlo Park, CA, USA."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"e125","DOI":"10.1002\/spy2.125","article-title":"Graphical passwords: Behind the attainment of goals","volume":"3","author":"Vaddeti","year":"2020","journal-title":"Secur. Priv."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"906","DOI":"10.1109\/TDSC.2017.2682244","article-title":"On the soundness and security of privacy-preserving SVM for outsourcing data classification","volume":"15","author":"Li","year":"2018","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_5","first-page":"361","article-title":"What\u2019s in a Name? Using Words\u2019 Uniqueness to Identify Hackers in Brute Force Attacks","volume":"14","author":"Rechavi","year":"2020","journal-title":"Int. J. Cyber Criminol."},{"key":"ref_6","unstructured":"Tank, H., and Harsora, V. (2015, January 1\u20132). A Survey on Secure Virtual Password and Phishing Attack. Proceedings of the 4th International Conference on Computer Science and Information Technology (ICCIT 2015), Gujarat, India."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"423","DOI":"10.1016\/j.cose.2019.05.015","article-title":"Optiwords: A new password policy for creating memorable and strong passwords","volume":"85","author":"Guo","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Varshney, S., Umar, M.S., and Nazir, A. (2020). A Secure Shoulder Surfing Resistant Hybrid Graphical User Authentication Scheme. Cybernetics, Cognition and Machine Learning Applications, Springer.","DOI":"10.1007\/978-981-15-1632-0_9"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1800","DOI":"10.1080\/10447318.2019.1574057","article-title":"A Human-Cognitive Perspective of Users\u2019 Password Choices in Recognition-Based Graphical Authentication","volume":"35","author":"Katsini","year":"2019","journal-title":"Int. J. Hum. Comput. Interact."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1087","DOI":"10.3390\/sym11091087","article-title":"Preventing Shoulder-Surfing Attacks using Digraph Substitution Rules and Pass-Image Output Feedback","volume":"11","author":"Yee","year":"2019","journal-title":"Symmetry"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1645","DOI":"10.1007\/s12652-019-01269-3","article-title":"Usability and shoulder surfing vulnerability of pattern passwords on mobile devices using camouflage patterns","volume":"11","author":"Alsuhibany","year":"2019","journal-title":"J. Ambient Intell. Humaniz. Comput."},{"key":"ref_12","unstructured":"De Luca, A., Von Zezschwitz, E., Nguyen, N.D.H., Maurer, M.E., Rubegni, E., Scipioni, M.P., and Langheinrich, M. (May, January 27). Back-of-device authentication on smartphones. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Paris, France."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Von Zezschwitz, E., De Luca, A., Brunkow, B., and Hussmann, H. (2015, January 18\u201323). Swipin: Fast and secure pin-entry on smartphones. Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, Seoul, Korea.","DOI":"10.1145\/2702123.2702212"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Saad, A., Chukwu, M., and Schneegass, S. (2018, January 25\u201328). Communicating Shoulder Surfing Attacks to Users. Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia, Cairo, Egypt.","DOI":"10.1145\/3282894.3282919"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Schneegass, S., Oualil, Y., and Bulling, A. (2016, January 7\u201312). SkullConduct: Biometric user identification on eyewear computers using bone conduction through the skull. Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, San Jose, CA, USA.","DOI":"10.1145\/2858036.2858152"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"245","DOI":"10.1007\/s10207-013-0216-7","article-title":"Shoulder-surfing-proof graphical password authentication scheme","volume":"13","author":"Wu","year":"2014","journal-title":"Int. J. Inf. Secur."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"2875676","DOI":"10.1155\/2019\/2875676","article-title":"Polynomial-based Google map graphical password system against shoulder-surfing attacks in cloud environment","volume":"2019","author":"Zhou","year":"2019","journal-title":"Complexity"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Chen, S., and Zhu, Y. (2019). A Textual Password Entry Method Resistant to Human Shoulder-Surfing Attack. International Symposium on Cyberspace Safety and Security, Springer.","DOI":"10.1007\/978-3-030-37352-8_36"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/j.cose.2017.05.006","article-title":"EvoPass: Evolvable graphical password against shoulder-surfing attacks","volume":"70","author":"Yu","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2018.05.012","article-title":"Two-Thumbs-Up: Physical protection for PIN entry secure against recording attacks","volume":"78","author":"Nyang","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Ali, A., Rafique, H., Arshad, T., Alqarni, M.A., Chauhdary, S.H., and Bashir, A.K. (2019). A fractal-based authentication technique using sierpinski triangles in smart devices. Sensors, 19.","DOI":"10.3390\/s19030678"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Fang, L., Li, Y., Yun, X., Wen, Z., and Tanveer, M. (2019). THP: A Novel Authentication Scheme to Prevent Multiple Attacks in SDN-based IoT Network. IEEE Internet Things J.","DOI":"10.1109\/JIOT.2019.2944301"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"De Luca, A., Hertzschuch, K., and Hussmann, H. (2010, January 10\u201315). ColorPIN: Securing PIN entry through indirect input. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Atlanta, GA, USA.","DOI":"10.1145\/1753326.1753490"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Panda, S., Kumari, M., and Mondal, S. (2018). SGP: A Safe Graphical Password System Resisting Shoulder-Surfing Attack on Smartphones. International Conference on Information Systems Security, Springer.","DOI":"10.1007\/978-3-030-05171-6_7"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"180","DOI":"10.1109\/TDSC.2016.2539942","article-title":"A Shoulder Surfing Resistant Graphical Authentication System","volume":"15","author":"Sun","year":"2018","journal-title":"IEEE Trans. Dependable Secur. Comput."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/1\/125\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:10:28Z","timestamp":1760159428000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/1\/125"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,13]]},"references-count":25,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,1]]}},"alternative-id":["sym13010125"],"URL":"https:\/\/doi.org\/10.3390\/sym13010125","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2021,1,13]]}}}