Research article
DOI: 10.1145/2384916.2384945

PassChords: secure multi-touch authentication for blind people

Published: 22 October 2012

    Abstract

    Blind mobile device users face security risks such as inaccessible authentication methods, and aural and visual eavesdropping. We interviewed 13 blind smartphone users and found that most participants were unaware of or not concerned about potential security threats. Not a single participant used optional authentication methods such as a password-protected screen lock. We addressed the high risk of unauthorized user access by developing PassChords, a non-visual authentication method for touch surfaces that is robust to aural and visual eavesdropping. A user enters a PassChord by tapping several times on a touch surface with one or more fingers. The set of fingers used in each tap defines the password. We give preliminary evidence that a four-tap PassChord has about the same entropy, a measure of password strength, as a four-digit personal identification number (PIN) used in the iPhone's Passcode Lock. We conducted a study with 16 blind participants that showed that PassChords were nearly three times as fast as iPhone's Passcode Lock with VoiceOver, suggesting that PassChords are a viable accessible authentication method for touch screens.

    Published In

    ASSETS '12: Proceedings of the 14th international ACM SIGACCESS conference on Computers and accessibility
    October 2012
    321 pages
    ISBN:9781450313216
    DOI:10.1145/2384916
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. blind
    2. mobile devices
    3. privacy
    4. security
    5. touch screens

    Qualifiers

    • Research-article

    Conference

    ASSETS '12
    Acceptance Rates

    Overall Acceptance Rate 436 of 1,556 submissions, 28%

    Cited By

    • (2024) I Don’t Want to Sound Rude, but It’s None of Their Business: Exploring Security and Privacy Concerns around Assistive Technology Use in Educational Settings. ACM Transactions on Accessible Computing 17:2 (1-30). DOI: 10.1145/3670690. Online publication date: 5-Jun-2024
    • (2024) A3C: An Image-Association-Based Computing Device Authentication Framework for People with Upper Extremity Impairments. ACM Transactions on Accessible Computing 17:2 (1-37). DOI: 10.1145/3652522. Online publication date: 19-Mar-2024
    • (2023) GuardLens. Proceedings of the Nineteenth USENIX Conference on Usable Privacy and Security (361-380). DOI: 10.5555/3632186.3632206. Online publication date: 7-Aug-2023
    • (2023) "If sighted people know, i should be able to know". Proceedings of the 32nd USENIX Conference on Security Symposium (4661-4678). DOI: 10.5555/3620237.3620498. Online publication date: 9-Aug-2023
    • (2023) Assessment of Security KPIs for 5G Network Slices for Special Groups of Subscribers. Big Data and Cognitive Computing 7:4 (169). DOI: 10.3390/bdcc7040169. Online publication date: 26-Oct-2023
    • (2023) Authentication Challenges in Customer Service Settings Experienced by Deaf and Hard of Hearing People. Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems (1-8). DOI: 10.1145/3544549.3585707. Online publication date: 19-Apr-2023
    • (2023) Design and Evaluation of Inclusive Email Security Indicators for People with Visual Impairments. 2023 IEEE Symposium on Security and Privacy (SP) (2885-2902). DOI: 10.1109/SP46215.2023.10179407. Online publication date: May-2023
    • (2022) OneButtonPIN: A Single Button Authentication Method for Blind or Low Vision Users to Improve Accessibility and Prevent Eavesdropping. Proceedings of the ACM on Human-Computer Interaction 6:MHCI (1-22). DOI: 10.1145/3546747. Online publication date: 20-Sep-2022
    • (2022) Accessibility-Related Publication Distribution in HCI Based on a Meta-Analysis. Extended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems (1-28). DOI: 10.1145/3491101.3519701. Online publication date: 27-Apr-2022
    • (2022) Can I Borrow Your ATM? Using Virtual Reality for (Simulated) In Situ Authentication Research. 2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR) (301-310). DOI: 10.1109/VR51125.2022.00049. Online publication date: Mar-2022
