Authentication of personal computing device is prone to shoulder-surfing attacks. Gesture-based techniques are often used for such authentication. However, existing techniques fall prey to identity theft. The main reason is the visual trails that are left behind by the patterns or gestures. In this paper, a typical gesture-based authentication technique developed using an industry standard motion sensor, has been tested against shoulder-surfing attacks. We exploit the concept of difference in point-of-views of the user and the attacker to analyse the robustness of a password. In this quest, we have proposed a method to calculate strength of the passwords that can guide the users to carefully select the passwords. In this study, 840 authentication sessions were video recorded from different angles and positions to analyse the robustness of the passwords. Twenty volunteers were involved to observe these videos to decipher the passwords. Experiment results reveal that when the passwords are chosen carefully, guessing through shoulder surfing can be very difficult with average true negative rate of 94.4%. The method can be used to guide the users for selecting strong passwords for authentication in personal devices.