Abstract
A Personal Identification Number (PIN) is a widely adopted authentication method used by smartphones, ATMs, etc. PINs offer strong security and can be reset when compromised (unlike biometric authentication). However, PINs can be inaccessible for blind or low vision (BLV) users due to screen readers voicing PINs to bystanders or potential shoulder surfing attack risks: bystanders could watch the PIN being entered without the user noticing. To address this, we present OneButtonPIN, an interface to improve PIN entry accessibility and security for BLV users. Here, a single on-screen button, when pressed and held, triggers a haptic vibration sequence. A digit is entered by counting the vibrations and releasing the button. We explored introducing random timings to the vibration sequence to increase security. A week-long evaluation with 9 BLV participants and a security study with 10 sighted participants acting as shoulder surfers demonstrated OneButtonPIN's usability and resilience against eavesdropping.
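A toy timing model of the entry scheme described in the abstract, added here as an illustration and not taken from the paper or its prototype: it compares how much a bystander who can only time the button hold learns when vibrations are evenly spaced versus randomly spaced. The gap values, the observer model and the restriction to digits 1 to 9 are assumptions.

```python
import random

# Assumed timing parameters; the abstract gives no concrete values.
FIXED_GAP_MS = 400             # constant gap before each vibration
RANDOM_GAP_MS = (200, 1000)    # range of each randomized gap


def hold_time_ms(digit, rng, randomized):
    """How long the button is held to enter `digit`.

    Model: the user releases right after feeling `digit` vibrations.
    Human reaction delay is ignored. The abstract does not say how 0
    is entered, so the model covers digits 1-9 only.
    """
    if randomized:
        return sum(rng.uniform(*RANDOM_GAP_MS) for _ in range(digit))
    return digit * FIXED_GAP_MS


def observer_guess(hold_ms, randomized):
    """Bystander who cannot feel the vibrations and only times the hold.

    Assumed strategy: divide the hold time by the mean gap, which the
    observer is assumed to know, and round to the nearest digit.
    """
    mean_gap = sum(RANDOM_GAP_MS) / 2 if randomized else FIXED_GAP_MS
    return min(9, max(1, round(hold_ms / mean_gap)))


def observer_accuracy(randomized, trials=20000, seed=1):
    """Fraction of single digits the timing observer recovers."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        digit = rng.randint(1, 9)
        hold = hold_time_ms(digit, rng, randomized)
        hits += observer_guess(hold, randomized) == digit
    return hits / trials


if __name__ == "__main__":
    for label, randomized in (("fixed gaps", False), ("random gaps", True)):
        acc = observer_accuracy(randomized)
        # Chance of recovering a full 4-digit PIN if digits are independent.
        print(f"{label}: per-digit {acc:.2f}, 4-digit PIN {acc ** 4:.3f}")
```

Under these assumptions the fixed schedule leaks every digit through hold duration alone, while the randomized schedule lowers the observer's per-digit accuracy but leaves it above the 1-in-9 guessing rate, so the width of the random range is the parameter to examine when evaluating such a design.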
Index Terms
- OneButtonPIN: A Single Button Authentication Method for Blind or Low Vision Users to Improve Accessibility and Prevent Eavesdropping