research-article

ColorPIN: securing PIN entry through indirect input

Authors:

Alexander De Luca,

Katja Hertzschuch,

Heinrich HussmannAuthors Info & Claims

CHI '10: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

Pages 1103 - 1106

https://doi.org/10.1145/1753326.1753490

Published: 10 April 2010 Publication History

Get Access

Abstract

Automated teller machine (ATM) frauds are increasing drastically these days. When analyzing the most common attacks and the reasons for successful frauds, it becomes apparent that the main problem lies in the PIN based authentication which in itself does not provide any security features (besides the use of asterisks). That is, security is solely based on a user's behavior. Indirect input is one way to solve this problem. This mostly comes at the costs of adding overhead to the input process. We present ColorPIN, an authentication mechanism that uses indirect input to provide security enhanced PIN entry. At the same time, ColorPIN remains a one-to-one relationship between the length of the PIN and the required number of clicks. A user study showed that ColorPIN is significantly more secure than standard PIN entry while enabling good authentication speed in comparison with related systems.

Supplementary Material

JPG File (1753490.jpg)

Download
17.31 KB

index.html (index.html)

Slides from the presentation

Download
.93 KB

Audio only (1753490.mp3)

Download
4.60 MB

Video (1753490.mp4)

Download
63.29 MB

References

[1]

Adams, A., Sasse, M. A. Users are not the enemy. Commun. ACM 42, 12, 40--46.

Digital Library

Google Scholar

[2]

Hayashi, E., Dhamija, R., Christin, N., Perrig, A. Use your illusion: secure authentication usable anywhere. In Proc. SOUPS '08.

Digital Library

Google Scholar

[3]

Moncur, W., Leplâtre, G. Pictures at the ATM: exploring the usability of multiple graphical passwords. In Proc. CHI '07.

Digital Library

Google Scholar

[4]

Roth, V., Richter, K., Freidinger, R. A pin-entry method resilient against shoulder surfing. In Proc. CCS '04.

Digital Library

Google Scholar

[5]

Sasamoto, H., Christin, N., Hayashi, E. Undercover: authentication usable in front of prying eyes. In Proc. CHI '08.

Digital Library

Google Scholar

[6]

Tan, D., Keyani, P., Czerwinski, M. Spy-resistant keyboard: more secure password entry on public touch screen displays. In Proc. OZCHI '05.

Digital Library

Google Scholar

[7]

Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J.-C. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In Proc. AVI 2006.

Digital Library

Google Scholar

Cited By

View all

Hallal LRhinelander JVenkat R(2024)Recent Trends of Authentication Methods in Extended Reality: A SurveyApplied System Innovation10.3390/asi70300457:3(45)Online publication date: 28-May-2024
https://doi.org/10.3390/asi7030045
Corbett MDavid-John BShang JJi B(2024)ShouldAR: Detecting Shoulder Surfing Attacks Using Multimodal Eye Tracking and Augmented RealityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785738:3(1-23)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678573
Olade ILiang HFleming C(2023)Story-based authentication for mobile devices using semantically-linked imagesInternational Journal of Human-Computer Studies10.1016/j.ijhcs.2022.102967171:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.ijhcs.2022.102967
Show More Cited By

Index Terms

ColorPIN: securing PIN entry through indirect input
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI design and evaluation methods
    2. Interaction devices
      1. Touch screens

Recommendations

A new signature scheme without random oracles

Digital signature is commonly used for authentication of a user or data. In order to ensure the security of a signature scheme, it is important to design a signature scheme with a security proof. In 1999, Gennaro et al. and Cramer et al. respectively ...
Towards understanding ATM security: a field study of real world ATM use
SOUPS '10: Proceedings of the Sixth Symposium on Usable Privacy and Security

With the increase of automated teller machine (ATM) frauds, new authentication mechanisms are developed to overcome security problems of personal identification numbers (PIN). Those mechanisms are usually judged on speed, security, and memorability in ...
Improvement of the Peyravian-Jeffries's user authentication protocol and password change protocol

Remote authentication of users supported by passwords is a broadly adopted method of authentication within insecure network environments. Such protocols typically rely on pre-established secure cryptographic keys or public key infrastructure. Recently, ...

Comments

Information & Contributors

Information

Published In

CHI '10: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

April 2010

2690 pages

ISBN:9781605589299

DOI:10.1145/1753326

General Chair:
Elizabeth Mynatt
Georgia Institute of Technology
,
Program Chairs:
Geraldine Fitzpatrick
Vienna University of Technology
,
Scott Hudson
Carnegie Mellon University
,
Keith Edwards
Georgia Tech
,
Tom Rodden
University of Nottingham

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 April 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CHI '10

Sponsor:

SIGCHI

CHI '10: CHI Conference on Human Factors in Computing Systems

April 10 - 15, 2010

Georgia, Atlanta, USA

Acceptance Rates

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

56
Total Citations
View Citations
1,459
Total Downloads

Downloads (Last 12 months)25
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hallal LRhinelander JVenkat R(2024)Recent Trends of Authentication Methods in Extended Reality: A SurveyApplied System Innovation10.3390/asi70300457:3(45)Online publication date: 28-May-2024
https://doi.org/10.3390/asi7030045
Corbett MDavid-John BShang JJi B(2024)ShouldAR: Detecting Shoulder Surfing Attacks Using Multimodal Eye Tracking and Augmented RealityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785738:3(1-23)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678573
Olade ILiang HFleming C(2023)Story-based authentication for mobile devices using semantically-linked imagesInternational Journal of Human-Computer Studies10.1016/j.ijhcs.2022.102967171:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.ijhcs.2022.102967
Mathis FO'Hagan JVaniea KKhamis MBottoni PPanizzi E(2022)Stay Home! Conducting Remote Usability Evaluations of Novel Real-World Authentication Systems Using Virtual RealityProceedings of the 2022 International Conference on Advanced Visual Interfaces10.1145/3531073.3531087(1-9)Online publication date: 6-Jun-2022
https://dl.acm.org/doi/10.1145/3531073.3531087
Rohanifar YSultana SNandy SSaha PChowdhury MAl-Ameen MAhmed S(2022)The Role of Intermediaries, Terrorist Assemblage, and Re-skilling in the Adoption of Cashless Transaction Systems in BangladeshProceedings of the 5th ACM SIGCAS/SIGCHI Conference on Computing and Sustainable Societies10.1145/3530190.3534810(266-279)Online publication date: 29-Jun-2022
https://dl.acm.org/doi/10.1145/3530190.3534810
Watson KBretin RKhamis MMathis F(2022)The Feet in Human-Centred Security: Investigating Foot-Based User Authentication for Public DisplaysExtended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems10.1145/3491101.3519838(1-9)Online publication date: 27-Apr-2022
https://dl.acm.org/doi/10.1145/3491101.3519838
Mathis FVaniea KKhamis M(2022)Can I Borrow Your ATM? Using Virtual Reality for (Simulated) In Situ Authentication Research2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR)10.1109/VR51125.2022.00049(301-310)Online publication date: Mar-2022
https://doi.org/10.1109/VR51125.2022.00049
Mathis FO'Hagan JKhamis MVaniea K(2022)Virtual Reality Observations: Using Virtual Reality to Augment Lab-Based Shoulder Surfing Research2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR)10.1109/VR51125.2022.00048(291-300)Online publication date: Mar-2022
https://doi.org/10.1109/VR51125.2022.00048
Andriotis PKirby MTakasu A(2022)Bu-Dash: a universal and dynamic graphical password scheme (extended version)International Journal of Information Security10.1007/s10207-022-00642-222:2(381-401)Online publication date: 4-Dec-2022
https://dl.acm.org/doi/10.1007/s10207-022-00642-2
Valenzuela RMoquillaza APaz F(2022)Usability in Automated Teller Machines Interfaces: A Systematic Literature ReviewDesign, User Experience, and Usability: UX Research, Design, and Assessment10.1007/978-3-031-05897-4_20(275-294)Online publication date: 16-Jun-2022
https://doi.org/10.1007/978-3-031-05897-4_20
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

Supplementary Material

References

Cited By

Index Terms

Recommendations

A new signature scheme without random oracles

Towards understanding ATM security: a field study of real world ATM use

Improvement of the Peyravian-Jeffries's user authentication protocol and password change protocol

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations