research-article

OneButtonPIN: A Single Button Authentication Method for Blind or Low Vision Users to Improve Accessibility and Prevent Eavesdropping

Authors:
Manisha Varma Kamarushi

Rochester Institute of Technology, Rochester, NY, USA

Rochester Institute of Technology, Rochester, NY, USA
View Profile

,
Stacey L. Watson

University of Waterloo, Waterloo, ON, Canada

University of Waterloo, Waterloo, ON, Canada
View Profile

,
Garreth W. Tigwell

Rochester Institute of Technology, Rochester, NY, USA

Rochester Institute of Technology, Rochester, NY, USA
View Profile

,
Roshan L. Peiris

Rochester Institute of Technology, Rochester, NY, USA

Rochester Institute of Technology, Rochester, NY, USA
View Profile

Proceedings of the ACM on Human-Computer Interaction Volume 6 Issue MHCIArticle No.: 212pp 1–22https://doi.org/10.1145/3546747

Published:20 September 2022Publication History

Proceedings of the ACM on Human-Computer Interaction

Abstract

A Personal Identification Number (PIN) is a widely adopted authentication method used by smartphones, ATMs, etc. PINs offer strong security and can be reset when compromised (unlike biometric authentication). However, PINs can be inaccessible for blind or low vision (BLV) users due to screen readers voicing PINs to bystanders or potential shoulder surfing attack risks---bystanders could watch the PIN being entered without the user noticing. To address this, we present OneButtonPIN, an interface to improve PIN entry accessibility and security for BLV users. Here, a single on-screen button, when pressed and held, triggers a haptic vibration sequence. A digit is entered by counting the vibrations and releasing the button. We explored introducing random timings to the vibration sequence to increase security. A week-long evaluation with 9 BLV participants and a security study with 10 sighted participants acting as shoulder surfers demonstrated OneButtonPIN's usability and resilience against eavesdropping.

Supplemental Material

v6mhci212.mp4

mp4

161.9 MB

Download

References

Ali Abdolrahmani, Ravi Kuber, and Amy Hurst. 2016. An Empirical Investigation of the Situationally-Induced Impairments Experienced by Blind Mobile Device Users. In Proceedings of the 13th International Web for All Conference (Montreal, Canada) (W4A '16). Association for Computing Machinery, New York, NY, USA, Article 21, 8 pages. https://doi.org/10.1145/2899475.2899482Google ScholarDigital Library
Yasmeen Abdrabou, Mohamed Khamis, Rana Mohamed Eisa, Sherif Ismail, and Amrl Elmougy. 2019. Just Gaze and Wave: Exploring the Use of Gaze and Gestures for Shoulder-Surfing Resilient Authentication. In Proceedings of the 11th ACM Symposium on Eye Tracking Research & Applications (Denver, Colorado) (ETRA '19). Association for Computing Machinery, New York, NY, USA, Article 29, 10 pages. https://doi.org/10.1145/3314111.3319837Google ScholarDigital Library
Tousif Ahmed, Roberto Hoyle, Kay Connelly, David Crandall, and Apu Kapadia. 2015. Privacy Concerns and Behaviors of People with Visual Impairments. Association for Computing Machinery, New York, NY, USA, 3523--3532. https: //doi-org.ezproxy.rit.edu/10.1145/2702123.2702334Google Scholar
Arwa Al-Hussain and Iehab Al-Rassan. 2010. A Biometric-Based Authentication System for Web Services Mobile User. In Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia (Paris, France) (MoMM '10). Association for Computing Machinery, New York, NY, USA, 447--452. https://doi.org/10.1145/1971519.1971596Google ScholarDigital Library
Mohammed Al-Sada, Shuma Toyama, and Tatsuo Nakajima. 2016. A Mobile VR Input Adaptation Architecture. In Proceedings of the 13th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (Hiroshima, Japan) (MOBIQUITOUS 2016). Association for Computing Machinery, New York, NY, USA, 286--287. https://doi.org/10.1145/2994374.3004073Google ScholarDigital Library
Abdullah Ali, Adam J Aviv, and Ravi Kuber. 2016. Developing and evaluating a gestural and tactile mobile interface to support user authentication. UMBC Faculty Collection (2016).Google ScholarCross Ref
Mrim Alnfiai and Srinivas Sampalli. 2019. BraillePassword: accessible web authentication technique on touchscreen devices. Journal of Ambient Intelligence and Humanized Computing 10, 6 (2019), 2375--2391.Google ScholarCross Ref
Sarah Andrew, Stacey Watson, Tae Oh, and Garreth W. Tigwell. 2020. A Review of Literature on Accessibility and Authentication Techniques. In The 22nd International ACM SIGACCESS Conference on Computers and Accessibility (Virtual Event, Greece) (ASSETS '20). Association for Computing Machinery, New York, NY, USA, Article 55, 4 pages. https://doi.org/10.1145/3373625.3418005Google ScholarDigital Library
Shravan Aras, Chris Gniady, and Hari Venugopalan. 2019. MultiLock: Biometric-Based Graded Authentication for Mobile Devices. Association for Computing Machinery, New York, NY, USA. https://doi.org/10.1145/3360774.3360781Google ScholarDigital Library
Adam J. Aviv, Flynn Wolf, and Ravi Kuber. 2018. Comparing Video Based Shoulder Surfing with Live Simulation. In Proceedings of the 34th Annual Computer Security Applications Conference (San Juan, PR, USA) (ACSAC '18). Association for Computing Machinery, New York, NY, USA, 453--466. https://doi.org/10.1145/3274694.3274702Google ScholarDigital Library
Shiri Azenkot, Kyle Rector, Richard Ladner, and Jacob Wobbrock. 2012. PassChords: Secure Multi-Touch Authentication for Blind People. In Proceedings of the 14th International ACM SIGACCESS Conference on Computers and Accessibility (Boulder, Colorado, USA) (ASSETS '12). Association for Computing Machinery, New York, NY, USA, 159--166. https: //doi.org/10.1145/2384916.2384945Google ScholarDigital Library
V. Balaji, K. S. Kuppusamy, and Shaikh Afzal. 2018. VIBI: A Braille Inspired Password Entry Model to Assist Person with Visual Impairments. In Smart Secure Systems -- IoT and Analytics Perspective, Guru Prasadh Venkataramani, Karthik Sankaranarayanan, Saswati Mukherjee, Kannan Arputharaj, and Swamynathan Sankara Narayanan (Eds.). SpringerSingapore, Singapore, 320--327.Google Scholar
Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2010. The Secure Haptic Keypad: A Tactile Password System. Association for Computing Machinery, New York, NY, USA, 1089--1092. https://doi-org.ezproxy.rit.edu/10.1145/1753326.1753488Google Scholar
Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2011. Spinlock: A single-cue haptic and audio PIN input technique for authentication. In International Workshop on Haptic and Audio Interaction Design. Springer, 81--90.Google ScholarCross Ref
Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2012. Counting clicks and beeps: Exploring numerosity based haptic and audio PIN entry. Interacting with Computers 24, 5 (2012), 409 -- 422. https://doi.org/10.1016/j.intcom.2012.06.005Google ScholarDigital Library
Andrea Bianchi, Ian Oakley, Jong Keun Lee, and Dong Soo Kwon. 2010. The Haptic Wheel: Design & Evaluation of a Tactile Password System. Association for Computing Machinery, New York, NY, USA, 3625--3630. https://doiorg.ezproxy.rit.edu/10.1145/1753846.1754029Google Scholar
Niall Bolger, Angelina Davis, and Eshkol Rafaeli. 2003. Diary methods: Capturing life as it is lived. Annual review of psychology 54, 1 (2003), 579--616.Google Scholar
Daniella Briotto Faustino and Audrey Girouard. 2018. Bend Passwords on BendyPass: A User Authentication Method for People with Vision Impairment (ASSETS '18). Association for Computing Machinery, New York, NY, USA, 435--437. https://doi.org/10.1145/3234695.3241032Google ScholarDigital Library
Daniella Briotto Faustino and Audrey Girouard. 2018. Understanding Authentication Method Use on Mobile Devices by People with Vision Impairment. In Proceedings of the 20th International ACM SIGACCESS Conference on Computers and Accessibility (Galway, Ireland) (ASSETS '18). Association for Computing Machinery, New York, NY, USA, 217--228. https://doi.org/10.1145/3234695.3236342Google ScholarDigital Library
Naser Damer, Jonas Henry Grebe, Cong Chen, Fadi Boutros, Florian Kirchbuchner, and Arjan Kuijper. 2020. The Effect of Wearing a Mask on Face Recognition Performance: an Exploratory Study. arXiv:arXiv:2007.13521Google Scholar
Priyanka Datta, Shanu Bhardwaj, S. N. Panda, Sarvesh Tanwar, and Sumit Badotra. 2020. Survey of Security and Privacy Issues on Biometric System. Springer International Publishing, Cham, 763--776. https://doi.org/10.1007/978--3-030- 22277--2_30Google Scholar
Alexander De Luca, Emanuel von Zezschwitz, and Heinrich Hußmann. 2009. Vibrapass: Secure Authentication Based on Shared Lies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Boston, MA, USA) (CHI '09). Association for Computing Machinery, New York, NY, USA, 913--916. https://doi.org/10.1145/1518701.1518840Google ScholarDigital Library
Alexander De Luca, Roman Weiss, and Heiko Drewes. 2007. Evaluation of Eye-Gaze Interaction Methods for Security Enhanced PIN-Entry. In Proceedings of the 19th Australasian Conference on Computer-Human Interaction: Entertaining User Interfaces (Adelaide, Australia) (OZCHI '07). Association for Computing Machinery, New York, NY, USA, 199--202. https://doi.org/10.1145/1324892.1324932Google ScholarDigital Library
Gloria Dhandapani, Jamie Ferguson, and Euan Freeman. 2021. HapticLock: Eyes-Free Authentication for Mobile Devices. Association for Computing Machinery, New York, NY, USA, 195--202. https://doi.org/10.1145/3462244.3481001Google ScholarDigital Library
Paul A Grassi, James L Fenton, and Michael E Garcia. 2017. Digital Identity Guidelines [including updates as of 12-01--2017]. https://doi.org/10.6028/NIST.SP.800--63--3.Google Scholar
Md Haque, Shams Zawoad, and Ragib Hasan. 2013. Secure Techniques and Methods for Authenticating Visually Impaired Mobile Phone Users. 2013 IEEE International Conference on Technologies for Homeland Security, HST 2013. https://doi.org/10.1109/THS.2013.6699095Google Scholar
Marian Harbach, Alexander De Luca, and Serge Egelman. 2016. The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI '16). Association for Computing Machinery, New York, NY, USA, 4806--4817. https: //doi.org/10.1145/2858036.2858267Google ScholarDigital Library
Sandra G. Hart and Lowell E. Staveland. 1988. Development of NASA-TLX (Task Load Index): Results of Empirical and Theoretical Research. 52 (1988), 139 -- 183. https://doi.org/10.1016/S0166--4115(08)62386--9Google Scholar
Yean Li Ho, Bachir Bendrissou, Afizan Azman, and Siong Hoe Lau. 2017. BlindLogin: A Graphical Authentication System with Support for Blind and Visually Impaired users on Smartphones. American Journal of Applied Sciences 14, 5 (May. 2017), 551--559. https://doi.org/10.3844/ajassp.2017.551.559Google ScholarCross Ref
Feng Hong, Meiyu Wei, Shujuan You, Yuan Feng, and Zhongwen Guo. 2015. Waving Authentication: Your Smartphone Authenticate You on Motion Gesture. In Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI EA '15). Association for Computing Machinery, New York, NY, USA, 263--266. https://doi.org/10.1145/2702613.2725444Google ScholarDigital Library
Mohit Jain, Nirmalendu Diwakar, and Manohar Swaminathan. 2021. Smartphone Usage by Expert Blind Users. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI '21). Association for Computing Machinery, New York, NY, USA, Article 34, 15 pages. https://doi.org/10.1145/3411764.3445074Google ScholarDigital Library
Mohamed Khamis, Mariam Hassib, Emanuel von Zezschwitz, Andreas Bulling, and Florian Alt. 2017. GazeTouchPIN: Protecting Sensitive Data on Mobile Devices Using Secure Multimodal Authentication. In Proceedings of the 19th ACM International Conference on Multimodal Interaction (Glasgow, UK) (ICMI '17). Association for Computing MachineryNew York, NY, USA, 446--450. https://doi.org/10.1145/3136755.3136809Google ScholarDigital Library
Mohamed Khamis, Tobias Seitz, Leonhard Mertl, Alice Nguyen, Mario Schneller, and Zhe Li. 2019. Passquerade: Improving Error Correction of Text Passwords on Mobile Devices by Using Graphic Filters for Password Masking. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (Glasgow, Scotland Uk) (CHI '19). Association for Computing Machinery, New York, NY, USA, 1--8. https://doi.org/10.1145/3290605.3300916Google ScholarDigital Library
Katharina Krombholz, Thomas Hupperich, and Thorsten Holz. 2017. May the Force Be with You: The Future of Force-Sensitive Authentication. IEEE Internet Computing 21, 3 (2017), 64--69. https://doi.org/10.1109/MIC.2017.78Google ScholarDigital Library
Ravi Kuber and Shiva Sharma. 2010. Toward Tactile Authentication for Blind Users. In Proceedings of the 12th International ACM SIGACCESS Conference on Computers and Accessibility (Orlando, Florida, USA) (ASSETS '10). Association for Computing Machinery, New York, NY, USA, 289--290. https://doi.org/10.1145/1878803.1878875Google ScholarDigital Library
Ravi Kuber and Wai Yu. 2010. Feasibility study of tactile-based authentication. International Journal of Human-Computer Studies 68, 3 (2010), 158--181. https://doi.org/10.1016/j.ijhcs.2009.11.001Google ScholarDigital Library
Manu Kumar, Tal Garfinkel, Dan Boneh, and Terry Winograd. 2007. Reducing Shoulder-Surfing by Using Gaze-Based Password Entry. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS '07). Association for Computing Machinery, New York, NY, USA, 13--19. https://doi.org/10.1145/1280680. 1280683Google ScholarDigital Library
Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser. 2017. Research methods in Human-Computer interaction. Morgan Kaufmann.Google Scholar
Yi-Chi Liao, Yen-Chiu Chen, Liwei Chan, and Bing-Yu Chen. 2017. Dwell+: Multi-Level Mode Selection Using Vibrotactile Cues. In Proceedings of the 30th Annual ACM Symposium on User Interface Software and Technology (Québec City, QC, Canada) (UIST '17). Association for Computing Machinery, New York, NY, USA, 5--16. https: //doi.org/10.1145/3126594.3126627Google ScholarDigital Library
Sylvan Lobo, Ulemba Hirom, V. S. Shyama, Mridul Basumatori, and Pankaj Doke. 2017. Coping with Accessibility Challenges for Security - A User Study with Blind Smartphone Users. In Human-Computer Interaction -- INTERACT 2017, Regina Bernhaupt, Girish Dalvi, Anirudha Joshi, Devanuj K. Balkrishan, Jacki O'Neill, and Marco Winckler (Eds.). Springer International Publishing, Cham, 3--22.Google ScholarDigital Library
Adithya Madhusoodanan, Anand Kumar, Kieran Fraser, and Bilal Yousuf. 2020. Machine Learning Approach to Manage Adaptive Push Notifications for Improving User Experience. In MobiQuitous 2020 - 17th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (Darmstadt, Germany) (MobiQuitous '20). Association for Computing Machinery, New York, NY, USA, 488--493. https://doi.org/10.1145/3448891.3448956Google ScholarDigital Library
Karola Marky, Martin Schmitz, Verena Zimmermann, Martin Herbers, Kai Kunze, and Max Mühlhäuser. 2020. 3D-Auth: Two-Factor Authentication with Personalized 3D-Printed Items. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI '20). Association for Computing Machinery, New York, NY, USA, 1--12. https://doi.org/10.1145/3313831.3376189Google ScholarDigital Library
M. A. Olsen, M. Dusio, and C. Busch. 2015. Fingerprint skin moisture impact on biometric performance. In 3rd International Workshop on Biometrics and Forensics (IWBF 2015). 1--6.Google ScholarCross Ref
J. Potocny, S. McNulty, K. Maiga, and M. H. Zadeh. 2015. On the Incorporation of Haptic Effects in Security Authentication. In 2015 IEEE International Conference on Systems, Man, and Cybernetics. 469--473.Google Scholar
R. Ramachandra, S. Venkatesh, K. B. Raja, S. Bhattacharjee, P. Wasnik, S. Marcel, and C. Busch. 2019. Custom silicone Face Masks: Vulnerability of Commercial Face Recognition Systems Presentation Attack Detection. In 2019 7th International Workshop on Biometrics and Forensics (IWBF). 1--6.Google Scholar
Arpita Sarkar and Binod Kr Singh. 2020. A review on performance,security and various biometric template protection schemes for biometric authentication systems. Multimedia Tools and Applications (2020), 1 -- 56.Google Scholar
Sidas Saulynas and Ravi Kuber. 2017. Towards Brain-Computer Interface (BCI) and Gestural-Based Authentication for Individuals Who Are Blind. In Proceedings of the 19th International ACM SIGACCESS Conference on Computers and Accessibility (Baltimore, Maryland, USA) (ASSETS '17). Association for Computing Machinery, New York, NY, USA, 403--404. https://doi.org/10.1145/3132525.3134785Google ScholarDigital Library
Katie A Siek, Yvonne Rogers, and Kay H Connelly. 2005. Fat finger worries: how older and younger users physically interact with PDAs. In IFIP Conference on Human-Computer Interaction. Springer, 267--280.Google ScholarDigital Library
Ivo Sluganovic, Marc Roeschlin, Kasper B. Rasmussen, and Ivan Martinovic. 2016. Using Reflexive Eye Movements for Fast Challenge-Response Authentication. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (Vienna, Austria) (CCS '16). Association for Computing Machinery, New York, NY, USA, 1056--1067. https://doi.org/10.1145/2976749.2978311Google ScholarDigital Library
Manisha Varma, Stacey Watson, Liwei Chan, and Roshan Peiris. 2022. VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks. In HCI for Cybersecurity, Privacy and Trust, Abbas Moallem (Ed.). Springer International Publishing, Cham, 280--303.Google Scholar
Emanuel von Zezschwitz, Alexander De Luca, Bruno Brunkow, and Heinrich Hussmann. 2015. SwiPIN: Fast and Secure PIN-Entry on Smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI '15). Association for Computing Machinery, New York, NY, USA, 1403--1406. https://doi.org/10.1145/2702123.2702212Google ScholarDigital Library
F. Wolf. 2017. Design of a Tactile Aid for Non-Observable Mobile Authentication to Address Observation Attacks.Google Scholar
Flynn Wolf, Ravi Kuber, and Adam J. Aviv. 2017. Perceptions of Mobile Device Authentication Mechanisms by Individuals Who Are Blind. In Proceedings of the 19th International ACM SIGACCESS Conference on Computers and Accessibility (Baltimore, Maryland, USA) (ASSETS '17). Association for Computing Machinery, New York, NY, USA, 385--386. https://doi.org/10.1145/3132525.3134793Google ScholarDigital Library

Index Terms

OneButtonPIN: A Single Button Authentication Method for Blind or Low Vision Users to Improve Accessibility and Prevent Eavesdropping
1. Human-centered computing
  1. Accessibility
    1. Accessibility technologies
2. Security and privacy
  1. Security services
    1. Authentication

Recommendations

VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks
HCI for Cybersecurity, Privacy and Trust
Abstract
PIN (Personal Identification Number) code entry is a widely used authentication method used on smartphones, ATMs, etc. However, it is typically subject to shoulder surfing attacks where, a bystander may observe the user’s keypad during PIN code ...
Read More
Multi-factor biometrics for authentication: a false sense of security
MM&Sec '10: Proceedings of the 12th ACM workshop on Multimedia and security

Multi-factor biometric authentications have been proposed recently to strengthen security and/or privacy of biometric systems in addition to enhancing authentication accuracy. An important approach to multi-factor biometric authentication is to apply ...
Read More
Personal Authentication Mechanism Based on Finger Knuckle Print

For authentication purposes, the identification and verification of a user is done by biometric traits like finger print, face, iris and gait, etc. Among the various traits finger print is mostly used in commercial applications for recognizing user's ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Proceedings of the ACM on Human-Computer Interaction Volume 6, Issue MHCI
MHCI
September 2022
852 pages
EISSN:2573-0142
DOI:10.1145/3564624
Editor:
Jeff Nichols
Apple Inc., United States
Issue’s Table of Contents
Copyright © 2022 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 20 September 2022
Published in pacmhci Volume 6, Issue MHCI

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
- Best Paper
Author Tags
accessible authentication
authentication
blind and low vision users
pin codes
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 352
  Total Downloads
- Downloads (Last 12 months)163
- Downloads (Last 6 weeks)22
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

OneButtonPIN: A Single Button Authentication Method for Blind or Low Vision Users to Improve Accessibility and Prevent Eavesdropping

Proceedings of the ACM on Human-Computer Interaction

Abstract

Supplemental Material

References

Cited By

Index Terms

Recommendations

VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks

Multi-factor biometrics for authentication: a false sense of security

Personal Authentication Mechanism Based on Finger Knuckle Print