Weekly CISSP Practice

Exam Questions

Week 42 - Question 2

What security measure can mitigate the risk of shoulder surfing?

A. Biometrics
B. Privacy Screen
C. Smart Cards
D. Multi-Factor Authentication

Answer: B. Privacy Screen

Explanation:

A. Biometrics

Biometrics (e.g., fingerprints or facial recognition) verify identity based on physical traits.

  • Why it's not the answer: While biometrics make it harder for an attacker to use a stolen password, they do nothing to stop an attacker from watching you view a sensitive document or seeing your screen while you work.

B. Privacy Screen

A privacy screen (or privacy filter) is a thin piece of plastic placed over a monitor or laptop screen.

  • How it works: It uses micro-louver technology to narrow the viewing angle. The data is only visible to the person sitting directly in front of the screen; to anyone looking from the side, the screen appears black or distorted.

  • Direct Mitigation: This is the most effective physical control for preventing someone in a public space (like a cafe or airplane) from seeing what is on your display.

C. Smart Cards

Smart cards are a form of "Something You Have" authentication.

  • Why it's not the answer: Like biometrics, a smart card helps secure the login process, but it does not protect the data displayed on the screen once the user is authenticated.

D. Multi-Factor Authentication (MFA)

MFA requires two or more factors (e.g., a password and a token code) to grant access.

  • The Limitation: MFA is designed to prevent unauthorized account access if a password is stolen. However, shoulder surfing can be used to steal more than just passwords: it can be used to read sensitive emails, see customer data, or observe proprietary source code, all of which occur after MFA has been successfully completed.
