research-article

Look into my eyes!: can you guess my password?

Authors:

Alexander De Luca,

Heinrich HussmannAuthors Info & Claims

SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security

Article No.: 7, Pages 1 - 12

https://doi.org/10.1145/1572532.1572542

Published: 15 July 2009 Publication History

Abstract

Authentication systems for public terminals and thus public spaces have to be fast, easy and secure. Security is of utmost importance since the public setting allows manifold attacks from simple shoulder surfing to advanced manipulations of the terminals. In this work, we present EyePassShapes, an eye tracking authentication method that has been designed to meet these requirements. Instead of using standard eye tracking input methods that require precise and expensive eye trackers, EyePassShapes uses eye gestures. This input method works well with data about the relative eye movement, which is much easier to detect than the precise position of the user's gaze and works with cheaper hardware. Different evaluations on technical aspects, usability, security and memorability show that EyePassShapes can significantly increase security while being easy to use and fast at the same time.

References

[1]

A. Bulling, D. Roggen, and G. Tröster. It's in your eyes - towards context-awareness and mobile hci using wearable eog goggles. In Proc. of the 10th International Conference on Ubiquitous Computing (UbiComp 2008), volume 344 of ACM International Conference Proceeding Series, pages 84--93. ACM Press, Sept. 2008.

Digital Library

[2]

L. Coventry, A. D. Angeli, and G. Johnson. Usability and biometric verification at the atm interface. In CHI '03: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 153--160, New York, NY, USA, 2003. ACM.

Digital Library

[3]

A. De Angeli, L. Coventry, G. Johnson, and K. Renaud. Is a picture really worth a thousand words? exploring the feasibility of graphical authentication systems. Int. J. Hum.-Comput. Stud., 63(1--2):128--152, 2005.

Digital Library

[4]

A. De Luca, E. von Zezschwitz, and H. Hußmann. Vibrapass - secure authentication based on shared lies. In CHI '09: 27th ACM SIGCHI Conference on Human Factors in Computing Systems. ACM, Apr. 2009.

Digital Library

[5]

A. De Luca, R. Weiss, and H. Drewes. Evaluation of eye-gaze interaction methods for security enhanced pin-entry. In OZCHI '07: Proceedings of the 2007 conference of the computer-human interaction special interest group (CHISIG) of Australia on Computer-human interaction: design: activities, artifacts and environments, pages 199--202, New York, NY, USA, 2007. ACM.

Digital Library

[6]

A. De Luca, R. Weiss, H. Hußmann, and X. An. Eyepass - eye-stroke authentication for public terminals. In CHI '08: CHI '08 extended abstracts on Human factors in computing systems, pages 3003--3008, New York, NY, USA, 2008. ACM.

Digital Library

[7]

T. Deyle and V. Roth. Accessible authentication via tactile pin entry. Computer Graphics Topics, Issue 3, Mar. 2006.

[8]

R. Dhamija and A. Perrig. Déjà vu: a user study using images for authentication. In SSYM'00: Proceedings of the 9th conference on USENIX Security Symposium, pages 4--4, Berkeley, CA, USA, 2000. USENIX Association.

Digital Library

[9]

H. Drewes and A. Schmidt. Interacting with the computer using gaze gestures. In International Conference on Human-Computer Interaction (INTERACT): 11th IFIP TC 13 International Conference, volume 2, pages 475--488, September 2007.

Digital Library

[10]

E. Hayashi, R. Dhamija, N. Christin, and A. Perrig. Use your illusion: secure authentication usable anywhere. In SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security, pages 35--45, New York, NY, USA, 2008. ACM.

Digital Library

[11]

R. J. Jacob. What you look at is what you get: eye movement-based interaction techniques. In CHI '90: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 11--18, New York, NY, USA, 1990. ACM.

Digital Library

[12]

M. Kumar, T. Garfinkel, D. Boneh, and T. Winograd. Reducing shoulder-surfing by using gaze-based password entry. In SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security, pages 13--19, New York, NY, USA, 2007. ACM.

Digital Library

[13]

B. Malek, M. Orozco, and A. E. Saddik. Novel shoulder-surfing resistant haptic-based graphical password. In EuroHaptics 2006, 2006.

[14]

W. Moncur and G. Leplâtre. Pictures at the atm: exploring the usability of multiple graphical passwords. In CHI '07: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 887--894, New York, NY, USA, 2007. ACM.

Digital Library

[15]

S. N. Patel, J. S. Pierce, and G. D. Abowd. A gesture-based authentication scheme for untrusted public terminals. In UIST '04: Proceedings of the 17th annual ACM symposium on User interface software and technology, pages 157--160, New York, NY, USA, 2004. ACM.

Digital Library

[16]

J. Rogers. Please enter your 4-digit pin. Financial Services Technology, U.S. Edition, Issue 4, Mar. 2007.

[17]

V. Roth, K. Richter, and R. Freidinger. A pin-entry method resilient against shoulder surfing. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 236--245, New York, NY, USA, 2004. ACM.

Digital Library

[18]

H. Sasamoto, N. Christin, and E. Hayashi. Undercover: authentication usable in front of prying eyes. In CHI '08: Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, pages 183--192, New York, NY, USA, 2008. ACM.

Digital Library

[19]

R. Shadmehr and T. Brashers-krug. Functional stages in the formation of human long-term motor memory. The Journal of Neuroscience, 17:409--419, 1997.

[20]

L. Standing. Learning 10,000 pictures. The Quarterly Journal of Experimental Psychology, 25:203--222, 1973.

[21]

D. S. Tan, P. Keyani, and M. Czerwinski. Spy-resistant keyboard: more secure password entry on public touch screen displays. In OZCHI '05: Proceedings of the 19th conference of the computer-human interaction special interest group (CHISIG) of Australia on Computer-human interaction, pages 1--10, 2005.

Digital Library

[22]

J. Thorpe, P. C. van Oorschot, and A. Somayaji. Pass-thoughts: authenticating with our minds. In NSPW '05: Proceedings of the 2005 workshop on New security paradigms, pages 45--56, New York, NY, USA, 2005. ACM.

Digital Library

[23]

R. Weiss and A. De Luca. Passshapes - utilizing stroke based authentication to increase password memorability. In NordiCHI 2008: Proceedings of the 5th Nordic Conference on Human-Computer Interaction, pages 383--392, New York, NY, USA, 2008. ACM.

Digital Library

[24]

S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In AVI '06: Proceedings of the working conference on Advanced visual interfaces, pages 177--184, New York, NY, USA, 2006. ACM.

Digital Library

[25]

J. O. Wobbrock, B. A. Myers, and J. A. Kembel. Edgewrite: a stylus-based text entry method designed for high accuracy and stability of motion. In UIST '03: Proceedings of the 16th annual ACM symposium on User interface software and technology, pages 61--70, New York, NY, USA, 2003. ACM.

Digital Library

[26]

J. O. Wobbrock, J. Rubinstein, M. W. Sawyer, and A. T. Duchowski. Longitudinal evaluation of discrete consecutive gaze gestures for text entry. In ETRA '08: Proceedings of the 2008 symposium on Eye tracking research&applications, pages 11--18, New York, NY, USA, 2008. ACM.

Digital Library

Cited By

Abdrabou YOmelina TDietz FKhamis MAlt FHassib M(2024)Where Do You Look When Unlocking Your Phone? : A Field Study of Gaze Behaviour During Smartphone UnlockExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651094(1-7)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613905.3651094
Corbett MShang JJi B(2024)GazePair: Efficient Pairing of Augmented Reality Devices Using Gaze TrackingIEEE Transactions on Mobile Computing10.1109/TMC.2023.325584123:3(2407-2421)Online publication date: Mar-2024
https://doi.org/10.1109/TMC.2023.3255841
Kuang LZeng FJiang HLiu DLi JZheng HZhang QMin G(2024)DEyeAuth: A Secure Smartphone User Authentication System Integrating Eyelid Patterns With Eye GesturesIEEE Internet of Things Journal10.1109/JIOT.2024.340778011:18(30069-30083)Online publication date: 15-Sep-2024
https://doi.org/10.1109/JIOT.2024.3407780
Show More Cited By

Index Terms

Look into my eyes!: can you guess my password?
1. Applied computing
  1. Electronic commerce
    1. Secure online transactions
2. Security and privacy

Recommendations

The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions
CHI '20: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems

For the past 20 years, researchers have investigated the use of eye tracking in security applications. We present a holistic view on gaze-based security applications. In particular, we canvassed the literature and classify the utility of gaze in security ...
It's in your eyes: towards context-awareness and mobile HCI using wearable EOG goggles
UbiComp '08: Proceedings of the 10th international conference on Ubiquitous computing

In this work we describe the design, implementation and evaluation of a novel eye tracker for context-awareness and mobile HCI applications. In contrast to common systems using video cameras, this compact device relies on Electrooculography (EOG). It ...
Wearable EOG goggles: eye-based interaction in everyday environments
CHI EA '09: CHI '09 Extended Abstracts on Human Factors in Computing Systems

In this paper, we present an embedded eye tracker for context-awareness and eye-based human-computer interaction - the wearable EOG goggles. In contrast to common systems using video, this unobtrusive device relies on Electrooculography (EOG). It ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security

July 2009

205 pages

ISBN:9781605587363

DOI:10.1145/1572532

General Chair:
Lorrie Faith Cranor
Carnegie Mellon University

Copyright © 2009 Copyright held by the author/owner.

Sponsors

Carnegie Mellon CyLab
Google Inc.

In-Cooperation

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 July 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SOUPS '09

Sponsor:

SOUPS '09: Symposium on Usable Privacy and Security

July 15 - 17, 2009

California, Mountain View, USA

Acceptance Rates

SOUPS '09 Paper Acceptance Rate 15 of 49 submissions, 31%;

Overall Acceptance Rate 15 of 49 submissions, 31%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

100
Total Citations
View Citations
1,132
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)1

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Abdrabou YOmelina TDietz FKhamis MAlt FHassib M(2024)Where Do You Look When Unlocking Your Phone? : A Field Study of Gaze Behaviour During Smartphone UnlockExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651094(1-7)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613905.3651094
Corbett MShang JJi B(2024)GazePair: Efficient Pairing of Augmented Reality Devices Using Gaze TrackingIEEE Transactions on Mobile Computing10.1109/TMC.2023.325584123:3(2407-2421)Online publication date: Mar-2024
https://doi.org/10.1109/TMC.2023.3255841
Kuang LZeng FJiang HLiu DLi JZheng HZhang QMin G(2024)DEyeAuth: A Secure Smartphone User Authentication System Integrating Eyelid Patterns With Eye GesturesIEEE Internet of Things Journal10.1109/JIOT.2024.340778011:18(30069-30083)Online publication date: 15-Sep-2024
https://doi.org/10.1109/JIOT.2024.3407780
Price ALoizides F(2024)Allowing for Secure and Accessible Authentication for Individuals with Disabilities of DexterityHuman-Centered Software Engineering10.1007/978-3-031-64576-1_7(133-146)Online publication date: 1-Jul-2024
https://doi.org/10.1007/978-3-031-64576-1_7
Marky KMacdonald SAbdrabou YKhamis MCalandrino JTroncoso C(2023)In the quest to protect users from side-channel attacksProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620530(5235-5252)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620530
Zhou MWang QLin XZhao YJiang PLi QShen CWang C(2023)PressPIN: Enabling Secure PIN Authentication on Mobile Devices via Structure-Borne SoundsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.315188920:2(1228-1242)Online publication date: 1-Mar-2023
https://doi.org/10.1109/TDSC.2022.3151889
Wisnu Gautama PAhmad T(2023)RISET: Secure Eye-Tracking Password Authentication with Random Image Sequence2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT)10.1109/ICCCNT56998.2023.10307530(1-6)Online publication date: 6-Jul-2023
https://doi.org/10.1109/ICCCNT56998.2023.10307530
Siahaan CChowanda A(2022)Spoofing keystroke dynamics authentication through synthetic typing pattern extracted from screen-recorded videoJournal of Big Data10.1186/s40537-022-00662-89:1Online publication date: 21-Nov-2022
https://doi.org/10.1186/s40537-022-00662-8
Khamis MMarky KBulling AAlt F(2022)User-centred multimodal authentication: securing handheld mobile devices using gaze and touch inputBehaviour & Information Technology10.1080/0144929X.2022.206959741:10(2061-2083)Online publication date: 6-May-2022
https://doi.org/10.1080/0144929X.2022.2069597
Yang GHu QAsghar M(2022)TIM: Secure and usable authentication for smartphonesJournal of Information Security and Applications10.1016/j.jisa.2022.10337471(103374)Online publication date: Dec-2022
https://doi.org/10.1016/j.jisa.2022.103374
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents