Leicestershire Police have reported a similar spree of so-called 'shoulder-surfing
Winograd, "Reducing Shoulder-surfing
by Using Gaze-based Password Entry," in Proc.
Fard, "A graphical password against spyware and shoulder-surfing
attacks," in Proceedings of the 20th International Symposium on Computer Science and Software Engineering (CSSE '15), pp.
Since the location of the keypad letters is changed randomly for each authentication, an attacker fails to authenticate with the password acquired by shoulder-surfing
or side channel attacks.
--Be observant while entering your username and password in public locations to avoid a shoulder-surfing
PIN/password-based authentication schemes, although still the most popular way of user authentication, have proven to be vulnerable to different forms of observation attacks, such as shoulder-surfing
, key logging or camera recording attacks .
Haichang et al  proposed a new shoulder-surfing
resistant scheme as shown in Figure 11 where the user is required to draw a curve across their password images orderly rather than clicking on them directly.
: A criminal watches the cardholder enter their PIN, then subsequently steals their card using distraction techniques or pick pocketing, before using the stolen card and genuine PIN.
Opportunistic hackers know that passwords can still be found--for example on Post-It notes or even by "shoulder-surfing
" (observing a user typing their PIN or password).
However, like the Passfaces system, it, too, is vulnerable to shoulder-surfing
The Recording Attack is a type of Shoulder-Surfing
Attack  where the attacker records the entire user authentication process including ID and password input for a service.
Older and simpler techniques, such as "dumpster diving," "shoulder-surfing
" (watching or listening from a nearby location) still work and have morphed into newer high-tech approaches, such as mass data breaches at financial and government institutions, places you have historically entrusted with your personal data.