Abstract: The graphical password authentication scheme uses icons instead of text-based passwords to authenticate users. Icons might be somehow more familiar to human beings than text-based passwords, since it is hard to remember the latter with sufficient security strength. No matter what kind of password is used, there are always shoulder-surfing problems. An attacker can easily get text-based password or graphical password by observation, capturing a video or recording the login process. In this paper, we propose a shoulder-surfing-proof graphical password authentication scheme using the convex-hull graphical algorithm. We give evaluation and comparisons to demonstrate the security strength and the functionality advantages of our scheme.