We evaluate the efficacy of shoulder surfing defenses for PIN-based authentication systems. We find tilting the device away from the observer, a widely adopted defense strategy, provides limited protection.  We also evaluate a recently proposed defense incorporating an "invisible pressure component" into PIN entry.  Contrary to earlier claims, our results show this provides little defense against malicious insider attacks.  Observations during the study uncover successful attacker strategies for reconstructing a victim's PIN when faced with a tilt defense.  Our evaluations identify common misconceptions regarding shoulder surfing defenses, and highlight the need to educate users on how to safeguard their credentials from these attacks.