Tobias Länge (Karlsruhe Institute of Technology), Philipp Matheis (Karlsruhe Institute of Technology), Reyhan Düzgün (Ruhr University Bochum), Melanie Volkamer (Karlsruhe Institute of Technology), Peter Mayer (Karlsruhe Institute of Technology, University of Southern Denmark)
Virtual reality (VR) is a growing technology with social, gaming and commercial applications. Due to the sensitive data involved, these systems require secure authentication. Shoulder-surfing, in particular, poses a significant threat as (1) interaction is mostly performed by means of visible gestures and (2) wearing the glasses prevents noticing bystanders. In this paper, we analyze research proposing shoulder-surfing resistant schemes for VR and present new shoulder-surfing resistant authentication schemes. Furthermore, we conducted a user study and found authenticating with our proposed schemes is efficient with times as low as 5.1 seconds. This is faster than previous shoulder-surfing resistant VR schemes, while offering similar user satisfaction.