skip to main content
10.1145/1753326.1753491acmconferencesArticle/Chapter ViewAbstractPublication PageschiConference Proceedingsconference-collections
research-article

Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords

Published: 10 April 2010 Publication History

Abstract

We present Cued Gaze-Points (CGP) as a shoulder-surfing resistant cued-recall graphical password scheme where users gaze instead of mouse-click. This approach has several advantages over similar eye-gaze systems, including a larger password space and its cued-recall nature that can help users remember multiple distinct passwords. Our 45-participant lab study is the first evaluation of gaze-based password entry via user-selected points on images. CGP's usability is potentially acceptable, warranting further refinement and study.

Supplementary Material

JPG File (1753491.jpg)
index.html (index.html)
Slides from the presentation
Audio only (1753491.mp3)
Video (1753491.mp4)

References

[1]
R. Biddle, S. Chiasson, and P.C. van Oorschot. Graphical passwords: Learning from the first generation. Technical Report TR-09-09, School of Computer Science, Carleton University, 2009.
[2]
S. Chiasson, A. Forget, R. Biddle, and P.C. van Oorschot. Influencing users towards better passwords: Persuasive Cued Click-Points. In BCS-HCI '08: People and Computers XXII. British Computer Society, 2008.
[3]
S. Chiasson, A. Forget, R. Biddle, and P.C. van Oorschot. User interface design affects security: Patterns in click-based graphical passwords. Int. J. Information Security, 8(6), 2009.
[4]
S. Chiasson, P.C. van Oorschot, and R. Biddle. Graphical password authentication using Cued Click Points. In ESORICS, LNCS 4734, 2007.
[5]
S. Chiasson, J. Srinivasan, R. Biddle, and P.C. van Oorschot. Centered discretization with application to graphical passwords. In UPSEC, 2008.
[6]
A. De Luca, M. Denzel, and H. Hussmann. Look into my eyes! Can you guess my password? In SOUPS. ACM, 2009.
[7]
A. Dirik, N. Menon, and J. Birget. Modeling user choice in the PassPoints graphical password scheme. In SOUPS. ACM, 2007.
[8]
A. Duchowski. Eye Tracking Methodology: Theory and Practice. Springer, 2nd edition, 2007.
[9]
P. Dunphy, A. Fitch, and P. Olivier. Gaze-contingent passwords at the ATM. In COGAIN, 2008.
[10]
A. Forget, S. Chiasson, P.C. van Oorschot, and R. Biddle. Improving text passwords through persuasion. In SOUPS. ACM, 2008.
[11]
R. Jacob and K. Karn. Eye tracking in human-computer interaction and usability research: Ready to deliver the promises. In J. Hyona, R. Radach, and H. Deubel, eds., The Mind's Eye: Cognitive and Applied Aspects of Eye Movement Research, chapter 4 commentary. Elsevier Science, 2003.
[12]
S. Komanduri and D. Hutchings. Order and entropy in picture passwords. In GI. ACM, 2008.
[13]
M. Kumar, T. Garfinkel, D. Boneh, and T. Winograd. Reducing shoulder-surfing by using gaze-based password entry. In SOUPS. ACM, 2007.
[14]
D. Nelson, V. Reed, and J. Walling. Pictorial superiority effect. Journal of Experimental Psychology: Human Learning and Memory, 2(5), 1976.
[15]
P.C. van Oorschot and J. Thorpe. On predicting and exploiting hot-spots in click-based graphical passwords. Technical Report TR-08-21, School of Computer Science, Carleton University, 2008.
[16]
V. Roth, K. Richter, and R. Freidinger. A PIN-entry method resiliant against shoulder surfing. In CCS. ACM, 2004.
[17]
X. Suo, Y. Zhu, and G. Owen. Graphical passwords: A survey. In ACSAC. IEEE, 2005.
[18]
F. Tari, A. Ozok, and S. Holden. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In SOUPS. ACM, 2006.
[19]
S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon. PassPoints: Design and longitudinal evaluation of a graphical password system. Int. J. Human-Computer Studies, 63(1-2), 2005.

Cited By

View all
  • (2024)Allowing for Secure and Accessible Authentication for Individuals with Disabilities of DexterityHuman-Centered Software Engineering10.1007/978-3-031-64576-1_7(133-146)Online publication date: 1-Jul-2024
  • (2023)GestureMeter: Design and Evaluation of a Gesture Password Strength MeterProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581397(1-19)Online publication date: 19-Apr-2023
  • (2023)Improved Arbitrary Graphical Password Authentication for Web Application Safety2023 5th International Conference on Smart Systems and Inventive Technology (ICSSIT)10.1109/ICSSIT55814.2023.10060964(714-720)Online publication date: 23-Jan-2023
  • Show More Cited By

Index Terms

  1. Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      CHI '10: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
      April 2010
      2690 pages
      ISBN:9781605589299
      DOI:10.1145/1753326
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 10 April 2010

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. eye tracking
      2. graphical passwords
      3. usable security

      Qualifiers

      • Research-article

      Conference

      CHI '10
      Sponsor:

      Acceptance Rates

      Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

      Upcoming Conference

      CHI 2025
      ACM CHI Conference on Human Factors in Computing Systems
      April 26 - May 1, 2025
      Yokohama , Japan

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)14
      • Downloads (Last 6 weeks)1
      Reflects downloads up to 19 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Allowing for Secure and Accessible Authentication for Individuals with Disabilities of DexterityHuman-Centered Software Engineering10.1007/978-3-031-64576-1_7(133-146)Online publication date: 1-Jul-2024
      • (2023)GestureMeter: Design and Evaluation of a Gesture Password Strength MeterProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581397(1-19)Online publication date: 19-Apr-2023
      • (2023)Improved Arbitrary Graphical Password Authentication for Web Application Safety2023 5th International Conference on Smart Systems and Inventive Technology (ICSSIT)10.1109/ICSSIT55814.2023.10060964(714-720)Online publication date: 23-Jan-2023
      • (2022)Enabling Finger-Touch-Based Mobile User Authentication via Physical Vibrations on IoT DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2021.305708321:10(3565-3580)Online publication date: 1-Oct-2022
      • (2022)User-centred multimodal authentication: securing handheld mobile devices using gaze and touch inputBehaviour & Information Technology10.1080/0144929X.2022.206959741:10(2061-2083)Online publication date: 6-May-2022
      • (2022)“Pictures are easier to remember than spellings!”International Journal of Child-Computer Interaction10.1016/j.ijcci.2022.10051533:COnline publication date: 1-Sep-2022
      • (2022)Comparison Between PIN and Picture-Based Implementations in Gaze-Based AuthenticationProceedings of the 8th International Conference on Computational Science and Technology10.1007/978-981-16-8515-6_37(469-482)Online publication date: 26-Mar-2022
      • (2021)GazeWheels: Recommendations for using wheel widgets for feedback during dwell-time gaze inputit - Information Technology10.1515/itit-2020-004263:3(145-156)Online publication date: 13-May-2021
      • (2021)Adversary Models for Mobile Device AuthenticationACM Computing Surveys10.1145/347760154:9(1-35)Online publication date: 8-Oct-2021
      • (2021)GazeMeter: Exploring the Usage of Gaze Behaviour to Enhance Password AssessmentsACM Symposium on Eye Tracking Research and Applications10.1145/3448017.3457384(1-12)Online publication date: 25-May-2021
      • Show More Cited By

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media