With computers being used ever more ubiquitously in situations where privacy is important, secure user authentication is a central requirement. Gaze-based graphical passwords are a particularly promising means for shoulder-surfing-resistant authentication, but selecting secure passwords remains challenging. In this paper, we present a novel gaze-based authentication scheme that makes use of cued-recall graphical pass- words on a single image. In order to increase password security, our approach uses a computational model of visual attention to mask those areas of the image that are most likely to attract visual attention. We create a realistic threat model for attacks that may occur in public settings, such as filming the user’s interaction while drawing money from an ATM. Based on a 12-participant user study, we show that our approach is significantly more secure than a standard image-based authentication and gaze-based 4-digit PIN entry.
%0 Conference Paper
%1 bulling12_chi
%A Bulling, Andreas
%A Alt, Florian
%A Schmidt, Albrecht
%B Proc. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI)
%D 2012
%K Cued-recall Eye Gaze-based, Saliency Tracking, authentication graphical hcics masks, passwords, user vis
%P 3011-3020
%R 10.1145/2207676.2208712
%T Increasing the Security of Gaze-Based Cued-Recall Graphical Passwords Using Saliency Masks
%X With computers being used ever more ubiquitously in situations where privacy is important, secure user authentication is a central requirement. Gaze-based graphical passwords are a particularly promising means for shoulder-surfing-resistant authentication, but selecting secure passwords remains challenging. In this paper, we present a novel gaze-based authentication scheme that makes use of cued-recall graphical pass- words on a single image. In order to increase password security, our approach uses a computational model of visual attention to mask those areas of the image that are most likely to attract visual attention. We create a realistic threat model for attacks that may occur in public settings, such as filming the user’s interaction while drawing money from an ATM. Based on a 12-participant user study, we show that our approach is significantly more secure than a standard image-based authentication and gaze-based 4-digit PIN entry.
@inproceedings{bulling12_chi,
abstract = {With computers being used ever more ubiquitously in situations where privacy is important, secure user authentication is a central requirement. Gaze-based graphical passwords are a particularly promising means for shoulder-surfing-resistant authentication, but selecting secure passwords remains challenging. In this paper, we present a novel gaze-based authentication scheme that makes use of cued-recall graphical pass- words on a single image. In order to increase password security, our approach uses a computational model of visual attention to mask those areas of the image that are most likely to attract visual attention. We create a realistic threat model for attacks that may occur in public settings, such as filming the user’s interaction while drawing money from an ATM. Based on a 12-participant user study, we show that our approach is significantly more secure than a standard image-based authentication and gaze-based 4-digit PIN entry.},
added-at = {2024-07-11T10:05:52.000+0200},
author = {Bulling, Andreas and Alt, Florian and Schmidt, Albrecht},
biburl = {https://puma.ub.uni-stuttgart.de/bibtex/298b29c709f90c5ca24f3464d0e2ee032/hcics},
booktitle = {Proc. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI)},
doi = {10.1145/2207676.2208712},
interhash = {86f63e35095f2f0b9ceb6e1ce15421a7},
intrahash = {98b29c709f90c5ca24f3464d0e2ee032},
keywords = {Cued-recall Eye Gaze-based, Saliency Tracking, authentication graphical hcics masks, passwords, user vis},
pages = {3011-3020},
timestamp = {2024-07-11T10:11:36.000+0200},
title = {Increasing the Security of Gaze-Based Cued-Recall Graphical Passwords Using Saliency Masks},
year = 2012
}
