Reducing shoulder-surfing by using gaze-based password entry

Manu Kumar, Tal Garfinkel, D. Boneh, T. Winograd
{"title":"Reducing shoulder-surfing by using gaze-based password entry","authors":"Manu Kumar, Tal Garfinkel, D. Boneh, T. Winograd","doi":"10.1145/1280680.1280683","DOIUrl":null,"url":null,"abstract":"Shoulder-surfing -- using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information -- is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user's password credentials. We present EyePassword, a system that mitigates the issues of shoulder surfing via a novel approach to user input.\n With EyePassword, a user enters sensitive input (password, PIN, etc.) by selecting from an on-screen keyboard using only the orientation of their pupils (i.e. the position of their gaze on screen), making eavesdropping by a malicious observer largely impractical. We present a number of design choices and discuss their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. 
Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional methods.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"87 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"358","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1280680.1280683","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 358

Abstract

Shoulder-surfing -- using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information -- is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user's password credentials. We present EyePassword, a system that mitigates the issues of shoulder surfing via a novel approach to user input. With EyePassword, a user enters sensitive input (password, PIN, etc.) by selecting from an on-screen keyboard using only the orientation of their pupils (i.e. the position of their gaze on screen), making eavesdropping by a malicious observer largely impractical. We present a number of design choices and discuss their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional methods.