Short answer:
In computing and cyber security, shouldering (more often called shoulder surfing) is a non‑technical social‑engineering attack where someone steals information by visually watching what you do on a screen or keypad, usually over your shoulder.

What Is Shouldering In Computing?

In modern IT and security contexts, “shouldering” is essentially shorthand for shoulder surfing. It refers to an attacker quietly observing your screen or your keystrokes to capture sensitive data, instead of hacking networks or breaking encryption.

Typical targets include:

  • Passwords and PINs typed on keyboards or keypads.
  • Phone unlock patterns and passcodes.
  • One‑time codes (OTP), 2FA tokens, bank SMS codes.
  • Credit card numbers, CVV codes, and expiry dates.
  • Answers to security questions or private messages shown on screen.

Because people use devices everywhere—cafés, trains, airports—this low‑tech attack remains very relevant in the mid‑2020s.

How a Shouldering Attack Works

You can think of shouldering as visual eavesdropping.

  1. Positioning
    • Attacker stands or sits where they can see your screen or keypad (queues, buses, open offices, co‑working spaces).
 * They might be right behind you or at an angle with a partial view.
  1. Observation
    • They watch you type a PIN at an ATM or payment terminal.
 * They watch you logging in to email, a corporate VPN, or banking apps.

 * In more advanced cases, they may use binoculars or miniature cameras to record from a distance.
  1. Capture and Use
    • They memorize or record what you typed or saw, then reuse it to unlock your device, log in to your accounts, or make fraudulent payments.

A classic example: someone in a queue watches you type your card PIN at an ATM, then later steals the card or skims it and uses the PIN they observed.

Related Concept: “Shouldering Computing”

Some recent writing also uses the phrase “shouldering computing” for a more academic angle. This focuses on how people use devices in semi‑public environments and how to design interfaces that reduce visual threats like shoulder surfing.

Common defenses mentioned in that context include:

  • Adaptive UIs that obscure or briefly mask sensitive fields.
  • Biometric or voice‑based authentication instead of visible passwords.
  • Auto‑lock via facial recognition when unauthorized faces appear nearby.
  • Randomized on‑screen keypads so patterns are harder to observe.

So, “shouldering” can refer both to:

  • The attack (shoulder surfing / shouldering as social engineering).
  • A research/design field looking at user interaction and privacy in public spaces (“shouldering computing”).

Key Characteristics of Shouldering

  • Non‑technical attack : No malware or network hacking; it exploits human behavior and physical proximity.
  • Physical presence or line‑of‑sight required : The attacker must see the screen or input surface, either close up or with optical tools.
  • Ephemeral data focus : One‑time codes and short‑lived screen content are common targets.
  • Low cost, low skill : Almost anyone can attempt it, which is why security training still warns about it.

How to Protect Against Shouldering

Some practical countermeasures you’ll see recommended in security guides:

  • Shield your input
    • Cover keypads with your hand when typing PINs.
    • Angle your phone or laptop so it’s harder to see from the side.
  • Use privacy hardware
    • Attach privacy filters to laptop or phone screens to narrow the viewing angle.
  • Prefer stronger auth methods
    • Use biometrics (fingerprint, face) or security tokens where possible.
  • Be location‑aware
    • Avoid logging into sensitive accounts or entering high‑value credentials in very crowded public places if you can help it.

Mini HTML Table (for your “Quick Scoop” block)

Here is an HTML table you can embed directly:

html

<table>
  <thead>
    <tr>
      <th>Aspect</th>
      <th>Details</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>Short definition</td>
      <td>Shouldering (shoulder surfing) is a non-technical social-engineering attack where someone visually watches your screen or keypad to steal information.[web:3][web:7][web:9][web:10]</td>
    </tr>
    <tr>
      <td>Typical targets</td>
      <td>Passwords, PINs, card numbers, one-time codes, unlock patterns, and other sensitive on-screen data.[web:3][web:5][web:9]</td>
    </tr>
    <tr>
      <td>Environment</td>
      <td>Public and semi-public spaces like ATMs, public transport, cafes, open offices, queues, and airports.[web:3][web:5][web:9]</td>
    </tr>
    <tr>
      <td>Attack type</td>
      <td>Non-technical, visual observation-based, considered a form of social engineering.[web:3][web:5][web:7][web:9][web:10]</td>
    </tr>
    <tr>
      <td>“Shouldering computing”</td>
      <td>Research/design field about how users interact with devices in semi-public spaces and how to minimize visual threats with UI and authentication design.[web:1]</td>
    </tr>
    <tr>
      <td>Key defenses</td>
      <td>Covering keypads, using privacy screens, preferring biometrics or tokens, avoiding sensitive logins in crowded places, and adaptive UIs that hide sensitive fields.[web:1][web:3][web:5][web:9]</td>
    </tr>
  </tbody>
</table>

TL;DR (for your post footer)

Shouldering in computing is mainly about shoulder surfing —quietly watching someone’s screen or keystrokes to steal sensitive data—and, more broadly, about designing systems that reduce this kind of visual privacy risk in public and semi‑public spaces.

Information gathered from public forums or data available on the internet and portrayed here.