Reducing Shoulder-surfing by Using Gaze-based Password Entry
Authors: M. Kumar, Tal Garfinkel, D. Boneh, and T. Winograd
Abstract:
Shoulder-surfing, using direct observation techniques such as
looking over someone's shoulder to get passwords, PINs and other
sensitive personal information, is a well-known weakness of
password authentication. We present EyePassword, a system that
mitigates shoulder-surfing via a novel approach to user
input. With EyePassword, a user enters sensitive input (password,
PIN, etc.) by selecting from an on-screen keyboard using only the
orientation of their pupils (i.e. the position of their gaze on
screen), making eavesdropping by a malicious observer largely
impractical. We present a number of design choices and discuss their
effect on usability and security. We conducted user studies to
evaluate the speed, accuracy and user acceptance of our approach. Our
results demonstrate that gaze-based password entry requires marginal
additional time over using a keyboard, that error rates are similar to
those of using a keyboard, and that subjects preferred the gaze-based
password entry approach over traditional methods.
Reference:
In Proceedings of the 2007 Symposium On Usable Privacy and Security (SOUPS)