Reference:
Symposium On Usable Privacy and Security (SOUPS 07)
Abstract:
Shoulder-surfing -- using direct observation techniques, such as
looking over someone's shoulder, to get passwords, PINs and
other sensitive personal information is a problem that has been
difficult to overcome. When a user enters information using a
keyboard, mouse, touch screen or any traditional input device, a
malicious observer may be able to acquire the user's password
credentials. We present EyePassword, a system that mitigates the
issues of shoulder surfing via a novel approach to user input.
With EyePassword, a user enters sensitive input (password, PIN,
etc.) by selecting from an on-screen keyboard using only the
orientation of their pupils (i.e. the position of their gaze on
screen), making eavesdropping by a malicious observer largely
impractical. We present a number of design choices and discuss
their effect on usability and security. We conducted user studies
to evaluate the speed, accuracy and user acceptance of our
approach. Our results demonstrate that gaze-based password entry
requires marginal additional time over using a keyboard, error
rates are similar to those of using a keyboard and subjects
preferred the gaze-based password entry approach over traditional
approaches.
Full paper: [ps] [pdf] [Bibtex Entry]