short-paper

GazeLockPatterns: Comparing Authentication Using Gaze and Touch for Entering Lock Patterns

Authors:

Yasmeen Abdrabou,

Mohamed Khamis,

Florian AltAuthors Info & Claims

ETRA '20 Short Papers: ACM Symposium on Eye Tracking Research and Applications

Article No.: 29, Pages 1 - 6

https://doi.org/10.1145/3379156.3391371

Published: 02 June 2020 Publication History

Abstract

In this work, we present a comparison between Android’s lock patterns for mobile devices (TouchLockPatterns) and an implementation of lock patterns that uses gaze input (GazeLockPatterns). We report on results of a between subjects study (N=40) to show that for the same layout of authentication interface, people employ comparable strategies for pattern composition. We discuss the pros and cons of adapting lock patterns to gaze-based user interfaces. We conclude by opportunities for future work, such as using data collected during authentication for calibrating eye trackers.

References

[1]

Yomna Abdelrahman, Mohamed Khamis, Stefan Schneegass, and Florian Alt. 2017. Stay Cool! Understanding Thermal Attacks on Mobile-Based User Authentication. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI ’17). Association for Computing Machinery, New York, NY, USA, 3751–3763. https://doi.org/10.1145/3025453.3025461

Digital Library

[2]

Yasmeen Abdrabou, Mohamed Khamis, Rana Mohamed Eisa, Sherif Ismail, and Amr Elmougy. 2019. Just Gaze and Wave: Exploring the Use of Gaze and Gestures for Shoulder-Surfing Resilient Authentication. In Proceedings of the 11th ACM Symposium on Eye Tracking Research & Applications (Denver, Colorado) (ETRA ’19). ACM, New York, NY, USA, 10. https://doi.org/10.1145/3314111.3319837

Digital Library

[3]

Evgeniy R. Abdulin and Oleg V. Komogortsev. 2015. Person Verification via Eye Movement-driven Text Reading Model. In 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS). IEEE, USA, 1–8. https://doi.org/10.1109/BTAS.2015.7358786

[4]

Panagiotis Andriotis, Theo Tryfonas, and George Oikonomou. 2014. Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method. In Proceedings of the Second International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 8533. Springer-Verlag, Berlin, Heidelberg, 115–126. https://doi.org/10.1007/978-3-319-07620-1_11

Digital Library

[5]

Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge Attacks on Smartphone Touch Screens. In Proceedings of the 4th USENIX Conference on Offensive Technologies (Washington, DC) (WOOT’10). USENIX Association, USA, 1–7.

Digital Library

[6]

Darrell S. Best and Andrew T. Duchowski. 2016. A Rotary Dial for Gaze-based PIN Entry. In Proceedings of the Ninth Biennial ACM Symposium on Eye Tracking Research & Applications (Charleston, South Carolina) (ETRA ’16). ACM, New York, NY, USA, 69–76. https://doi.org/10.1145/2857491.2857527

[7]

Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2012. Increasing the Security of Gaze-Based Cued-Recall Graphical Passwords Using Saliency Masks. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 3011–3020. https://doi.org/10.1145/2207676.2208712

Digital Library

[8]

Virginio Cantoni, Tomas Lacovara, Marco Porta, and Haochen Wang. 2018. A Study on Gaze-Controlled PIN Input with Biometric Data Analysis. In Proceedings of the 19th International Conference on Computer Systems and Technologies (Ruse, Bulgaria) (CompSysTech ’18). ACM, New York, NY, USA, 99–103. https://doi.org/10.1145/3274005.3274029

Digital Library

[9]

Cyber Code. Feb 2016. C# - Gestural Pattern Draw Lock Screen Control (from Android devices) [RO]. Youtube. https://www.youtube.com/watch?v=8dhO-P0wcyo&list=PLSqjYSJtqeaXQDuNi0Ko0fHSBk95Rcxjw&index=31

[10]

Alexander De Luca, Martin Denzel, and Heinrich Hussmann. 2009. Look into My Eyes! Can You Guess My Password?. In Proceedings of the 5th Symposium on Usable Privacy and Security (Mountain View, California, USA) (SOUPS ’09). Association for Computing Machinery, New York, NY, USA, Article Article 7, 12 pages. https://doi.org/10.1145/1572532.1572542

Digital Library

[11]

Alexander De Luca, Roman Weiss, and Heiko Drewes. 2007. Evaluation of Eye-gaze Interaction Methods for Security Enhanced PIN-entry. In Proceedings of the 19th Australasian Conference on Computer-Human Interaction: Entertaining User Interfaces (Adelaide, Australia) (OZCHI ’07). ACM, New York, NY, USA, 199–202. https://doi.org/10.1145/1324892.1324932

Digital Library

[12]

Alexander De Luca, Roman Weiss, Heinrich Hussmann, and Xueli An. 2008. Eyepass - Eye-stroke Authentication for Public Terminals. In CHI ’08 Extended Abstracts on Human Factors in Computing Systems (Florence, Italy) (CHI EA ’08). ACM, New York, NY, USA, 3003–3008. https://doi.org/10.1145/1358628.1358798

[13]

Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner. 2014. Are You Ready to Lock?. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (Scottsdale, Arizona, USA) (CCS ’14). Association for Computing Machinery, New York, NY, USA, 750–761. https://doi.org/10.1145/2660267.2660273

Digital Library

[14]

Marian Harbach, Alexander De Luca, and Serge Egelman. 2016. The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI ’16). Association for Computing Machinery, New York, NY, USA, 4806–4817. https://doi.org/10.1145/2858036.2858267

Digital Library

[15]

Corey D. Holland and Oleg V. Komogortsev. 2012. Biometric Verification via Complex Eye Movements: The Effects of Environment and Stimulus. In 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS). IEEE, USA, 39–46. https://doi.org/10.1109/BTAS.2012.6374556

[16]

Martti Juhola, Youming Zhang, and Jyrki Rasku. 2013. Biometric Verification of a Subject through Eye Movements. Computers in Biology and Medicine 43, 1 (2013), 42–50. https://doi.org/10.1016/j.compbiomed.2012.10.005

Digital Library

[17]

Christina Katsini, Yasmeen Abdrabou, George Raptis, Mohamed Khamis, and Florian Alt. 2020. The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions. In Proceedings of the 38th Annual ACM Conference on Human Factors in Computing Systems (Honolulu, Hawaii, USA) (CHI ’20). ACM, New York, NY, USA, 21. https://doi.org/10.1145/3313831.3376840

Digital Library

[18]

Christina Katsini, Christos Fidas, Marios Belk, George Samaras, and Nikolaos Avouris. 2019. A Human-Cognitive Perspective of Users’ Password Choices in Recognition-Based Graphical Authentication. International Journal of Human-Computer Interaction 25, 19(2019), 1800–1812. https://doi.org/10.1080/10447318.2019.1574057

[19]

Christina Katsini, Christos Fidas, George E. Raptis, Marios Belk, George Samaras, and Nikolaos Avouris. 2018a. Eye Gaze-Driven Prediction of Cognitive Differences during Graphical Password Composition. In 23rd International Conference on Intelligent User Interfaces (Tokyo, Japan) (IUI ’18). ACM, New York, NY, USA, 147–152. https://doi.org/10.1145/3172944.3172996

Digital Library

[20]

Christina Katsini, Christos Fidas, George E. Raptis, Marios Belk, George Samaras, and Nikolaos Avouris. 2018b. Influences of Human Cognition and Visual Behavior on Password Strength During Picture Password Composition. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (Montreal QC, Canada) (CHI ’18). ACM, New York, NY, USA, Article 87, 14 pages. https://doi.org/10.1145/3173574.3173661

Digital Library

[21]

Christina Katsini, George E. Raptis, Christos Fidas, and Nikolaos Avouris. 2018c. Towards Gaze-based Quantification of the Security of Graphical Authentication Schemes. In Proceedings of the 2018 ACM Symposium on Eye Tracking Research & Applications (Warsaw, Poland) (ETRA ’18). ACM, New York, NY, USA, Article 17, 5 pages. https://doi.org/10.1145/3204493.3204589

Digital Library

[22]

Mohamed Khamis, Florian Alt, and Andreas Bulling. 2018a. The Past, Present, and Future of Gaze-enabled Handheld Mobile Devices: Survey and Lessons Learned. In Proceedings of the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (Barcelona, Spain) (MobileHCI ’18). ACM, New York, NY, USA. https://doi.org/10.1145/3229434.3229452

Digital Library

[23]

Mohamed Khamis, Carl Oechsner, Florian Alt, and Andreas Bulling. 2018b. VRpursuits: Interaction in Virtual Reality Using Smooth Pursuit Eye Movements. In Proceedings of the 2018 International Conference on Advanced Visual Interfaces(Castiglione della Pescaia, Grosseto, Italy) (AVI ’18). ACM, New York, NY, USA, Article 18, 8 pages. https://doi.org/10.1145/3206505.3206522

Digital Library

[24]

Mohamed Khamis, Ludwig Trotter, Ville Mäkelä, Emanuel von Zezschwitz, Jens Le, Andreas Bulling, and Florian Alt. 2018c. CueAuth: Comparing Touch, Mid-Air Gestures, and Gaze for Cue-based Authentication on Situated Displays. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2, 4, Article 174 (Dec. 2018), 22 pages. https://doi.org/10.1145/3287052

Digital Library

[25]

Chandan Kumar, Daniyal Akbari, Raphael Menges, Scott MacKenzie, and Steffen Staab. 2019. TouchGazePath: Multimodal Interaction with Touch and Gaze Path for Secure Yet Efficient PIN Entry. In 2019 International Conference on Multimodal Interaction (Suzhou, China) (ICMI ’19). Association for Computing Machinery, New York, NY, USA, 329–338. https://doi.org/10.1145/3340555.3353734

[26]

Manu Kumar, Tal Garfinkel, Dan Boneh, and Terry Winograd. 2007. Reducing Shoulder-Surfing by Using Gaze-Based Password Entry. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’07). Association for Computing Machinery, New York, NY, USA, 13–19. https://doi.org/10.1145/1280680.1280683

Digital Library

[27]

Marte Loge, Markus Duermuth, and Lillian Rostad. 2016. On user choice for android unlock patterns. In European Workshop on Usable Security, ser. EuroUSEC, Vol. 16.

[28]

Ken Pfeuffer, Matthias J. Geiger, Sarah Prange, Lukas Mecke, Daniel Buschek, and Florian Alt. 2019. Behavioural Biometrics in VR: Identifying People from Body Motion and Relations in Virtual Reality. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (Glasgow, Scotland Uk) (CHI ’19). Association for Computing Machinery, New York, NY, USA, Article Paper 110, 12 pages. https://doi.org/10.1145/3290605.3300340

Digital Library

[29]

Ken Pfeuffer, Melodie Vidal, Jayson Turner, Andreas Bulling, and Hans Gellersen. 2013. Pursuit Calibration: Making Gaze Calibration Less Tedious and More Flexible. In Proceedings of the 26th Annual ACM Symposium on User Interface Software and Technology (St. Andrews, Scotland, United Kingdom) (UIST ’13). Association for Computing Machinery, New York, NY, USA, 261–270. https://doi.org/10.1145/2501988.2501998

Digital Library

[30]

Vijay Rajanna, Adil H. Malla, Rahul A. Bhagat, and Tracy Hammond. 2018. DyGazePass: A Gaze Gesture-based Dynamic Authentication System to Counter Shoulder Surfing and Video Analysis Attacks. In 2018 IEEE 4th International Conference on Identity, Security, and Behavior Analysis (ISBA). IEEE, USA, 1–8. https://doi.org/10.1109/ISBA.2018.8311458

[31]

Vijay Rajanna, Seth Polsley, Paul Taele, and Tracy Hammond. 2017. A Gaze Gesture-Based User Authentication System to Counter Shoulder-Surfing Attacks. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI EA ’17). ACM, New York, NY, USA, 1978–1986. https://doi.org/10.1145/3027063.3053070

Digital Library

[32]

Hananeh Salehifar, Peyman Bayat, and Mojtaba Amiri Majd. 2019. Eye Gesture Blink Password: A New Authentication System with High Memorable and Maximum Password Length. Multimedia Tools and Applications 78, 12 (Jun 2019), 16861–16885. https://doi.org/10.1007/s11042-018-7043-9

Digital Library

[33]

Ivo Sluganovic, Marc Roeschlin, Kasper B. Rasmussen, and Ivan Martinovic. 2018. Analysis of Reflexive Eye Movements for Fast Replay-Resistant Biometric Authentication. ACM Transactions on Privacy and Security 22, 1, Article 4 (Nov 2018), 30 pages. https://doi.org/10.1145/3281745

[34]

Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (Berlin, Germany) (CCS ’13). Association for Computing Machinery, New York, NY, USA, 161–172. https://doi.org/10.1145/2508859.2516700

Digital Library

[35]

Emanuel von Zezschwitz. 2016. Risks and Potentials of Graphical and Gesture-based Authentication for Touchscreen Mobile Devices Balancing Usability and Security through User-centered Analysis and Design. PhD dissertation. Der Fakultät für Mathematik, Informatik und Statistik der Ludwig-Maximilians-Universität München.

[36]

Emanuel von Zezschwitz, Alexander De Luca, Philipp Janssen, and Heinrich Hussmann. 2015. Easy to Draw, but Hard to Trace? On the Observability of Grid-Based (Un)Lock Patterns. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). Association for Computing Machinery, New York, NY, USA, 2339–2342. https://doi.org/10.1145/2702123.2702202

[37]

Roman Weiss and Alexander De Luca. 2008. PassShapes: Utilizing Stroke Based Authentication to Increase Password Memorability. In Proceedings of the 5th Nordic Conference on Human-Computer Interaction: Building Bridges (Lund, Sweden) (NordiCHI ’08). Association for Computing Machinery, New York, NY, USA, 383–392. https://doi.org/10.1145/1463160.1463202

Digital Library

[38]

Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Kwang In Kim, Ben Taylor, and Zheng Wang. 2017. Cracking Android pattern lock in five attempts. In Proceedings of the 2017 Network and Distributed System Security Symposium 2017 (NDSS 17). Internet Society.

[39]

Youming Zhang, Jorma Laurikkala, and Martti Juhola. 2014. Biometric Verification of a Subject with Eye Movements, with Special Reference to Temporal Variability in Saccades between a Subject’s Measurements. International Journal of Biometrics 6, 1 (2014), 75. https://doi.org/10.1504/ijbm.2014.059643

Digital Library

Cited By

Hasan SGhani ADaud AAkbar HKhan M(2025)A Review on Secure Authentication Mechanisms for Mobile SecuritySensors10.3390/s2503070025:3(700)Online publication date: 24-Jan-2025
https://doi.org/10.3390/s25030700
Cilia NArena ABarbera ABorrello ECapizzi GCappello SFaletra LIncardone SSorce S(2024)A pilot study on gaze and mouse data for user identificationProceedings of the 2024 Symposium on Eye Tracking Research and Applications10.1145/3649902.3655647(1-3)Online publication date: 4-Jun-2024
https://dl.acm.org/doi/10.1145/3649902.3655647
Abdrabou YOmelina TDietz FKhamis MAlt FHassib M(2024)Where Do You Look When Unlocking Your Phone? : A Field Study of Gaze Behaviour During Smartphone UnlockExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651094(1-7)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613905.3651094
Show More Cited By

Recommendations

Using gaze patterns to study and predict reading struggles due to distraction
CHI EA '11: CHI '11 Extended Abstracts on Human Factors in Computing Systems

We analyze gaze patterns to study how users in online reading environments cope with visual distraction, and we report gaze markers that identify reading difficulties due to distraction. The amount of visual distraction is varied from none, medium to ...
Auto-Calibrated Gaze Estimation Using Human Gaze Patterns

We present a novel method to auto-calibrate gaze estimators based on gaze patterns obtained from other viewers. Our method is based on the observation that the gaze patterns of humans are indicative of where a new viewer will look at. When a new viewer ...
Using Human Eye Gaze Patterns as Indicators of Need for Assistance from a Socially Assistive Robot
Social Robotics
Abstract
With current growth in social robotics comes a need for well developed and fine tuned agents which respond to the user in a seamless and intuitive manner. Socially assistive robots in particular have become popular for their uses in care for older ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ETRA '20 Short Papers: ACM Symposium on Eye Tracking Research and Applications

June 2020

305 pages

ISBN:9781450371346

DOI:10.1145/3379156

Editors:
Andreas Bulling
University of Stuttgart, Germany
,
Anke Huckauf
Ulm University, Germany
,
Eakta Jain
University of Florida, USA
,
Ralph Radach
University of Wuppertal, Germany
,
Daniel Weiskopf
University of Stuttgart, Germany

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Funding Sources

Deutsche Forschungsgemeinschaft
Royal Society of Edinburgh
Studienstiftung des deutschen Volkes

Conference

ETRA '20

Sponsor:

ETRA '20: 2020 Symposium on Eye Tracking Research and Applications

June 2 - 5, 2020

Stuttgart, Germany

Acceptance Rates

Overall Acceptance Rate 69 of 137 submissions, 50%

Upcoming Conference

ETRA '25

Sponsor:
sigchi
sigchi

2025 Symposium on Eye Tracking Research and Applications

May 26 - 29, 2025

Tokyo , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
217
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)2

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hasan SGhani ADaud AAkbar HKhan M(2025)A Review on Secure Authentication Mechanisms for Mobile SecuritySensors10.3390/s2503070025:3(700)Online publication date: 24-Jan-2025
https://doi.org/10.3390/s25030700
Cilia NArena ABarbera ABorrello ECapizzi GCappello SFaletra LIncardone SSorce S(2024)A pilot study on gaze and mouse data for user identificationProceedings of the 2024 Symposium on Eye Tracking Research and Applications10.1145/3649902.3655647(1-3)Online publication date: 4-Jun-2024
https://dl.acm.org/doi/10.1145/3649902.3655647
Abdrabou YOmelina TDietz FKhamis MAlt FHassib M(2024)Where Do You Look When Unlocking Your Phone? : A Field Study of Gaze Behaviour During Smartphone UnlockExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651094(1-7)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613905.3651094
Kuang LZeng FJiang HLiu DLi JZheng HZhang QMin G(2024)DEyeAuth: A Secure Smartphone User Authentication System Integrating Eyelid Patterns With Eye GesturesIEEE Internet of Things Journal10.1109/JIOT.2024.340778011:18(30069-30083)Online publication date: 15-Sep-2024
https://doi.org/10.1109/JIOT.2024.3407780
Namnakani OAbdrabou YGrizou JEsteves AKhamis M(2023)Comparing Dwell time, Pursuits and Gaze Gestures for Gaze Interaction on Handheld Mobile DevicesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3580871(1-17)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3580871

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Table of Conten