ABSTRACT
Authentication in public spaces poses significant security risks. Most significantly, passwords can be stolen, potentially leading to fraud. A common method to steal a PIN is through an observation attack, either using a camera or through direct observation (e.g. shoulder-surfing). This paper addresses this problem by presenting the design and implementation of a novel input keypad which uses tactile cues as a means to compose a password. In this system, passwords are encoded as a sequence of randomized vibration patterns, making it visually impossible for an observer to detect which items are selected. An evaluation of this system shows it outperforms previous interfaces which have used tactile feedback to obfuscate passwords.
Index Terms
- The secure haptic keypad: a tactile password system