Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords

Authors:
Alain Forget;Sonia Chiasson;Robert Biddle
Affiliations:
Carleton University, Ottawa, ON, Canada;Carleton University, Ottawa, ON, Canada;Carleton University, Ottawa, ON, Canada
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2010

Citing 14
Cited 15

A PIN-entry method resilient against shoulder surfing

Proceedings of the 11th ACM conference on Computer and communications security
PassPoints: design and longitudinal evaluation of a graphical password system

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Graphical Passwords: A Survey

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Eye Tracking Methodology: Theory and Practice

Eye Tracking Methodology: Theory and Practice
Reducing shoulder-surfing by using gaze-based password entry

Proceedings of the 3rd symposium on Usable privacy and security
Modeling user choice in the PassPoints graphical password scheme

Proceedings of the 3rd symposium on Usable privacy and security
Order and entropy in picture passwords

GI '08 Proceedings of graphics interface 2008
Centered discretization with application to graphical passwords (full paper)

UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Improving text passwords through persuasion

Proceedings of the 4th symposium on Usable privacy and security
Influencing users towards better passwords: persuasive cued click-points

BCS-HCI '08 Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction - Volume 1
Look into my eyes!: can you guess my password?

Proceedings of the 5th Symposium on Usable Privacy and Security
User interface design affects security: patterns in click-based graphical passwords

International Journal of Information Security
Graphical password authentication using cued click points

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Input precision for gaze-based graphical passwords

CHI '10 Extended Abstracts on Human Factors in Computing Systems
Towards understanding ATM security: a field study of real world ATM use

Proceedings of the Sixth Symposium on Usable Privacy and Security
A stealth approach to usable security: helping IT security managers to identify workable security solutions

Proceedings of the 2010 workshop on New security paradigms
Authentication on public terminals with private devices

Proceedings of the fifth international conference on Tangible, embedded, and embodied interaction
Obfuscating authentication through haptics, sound and light

CHI '11 Extended Abstracts on Human Factors in Computing Systems
Usability of display-equipped RFID tags for security purposes

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Breaking undercover: exploiting design flaws and nonuniform human behavior

Proceedings of the Seventh Symposium on Usable Privacy and Security
Shoulder surfing defence for recall-based graphical passwords

Proceedings of the Seventh Symposium on Usable Privacy and Security
Assessing the vulnerability of magnetic gestural authentication to video-based shoulder surfing attacks

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Increasing the security of gaze-based cued-recall graphical passwords using saliency masks

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
WYSWYE: shoulder surfing defense for recognition based graphical passwords

Proceedings of the 24th Australian Computer-Human Interaction Conference
Protected login

FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Usability and security evaluation of GeoPass: a geographic location-password scheme

Proceedings of the Ninth Symposium on Usable Privacy and Security
On the security of picture gesture authentication

SEC'13 Proceedings of the 22nd USENIX conference on Security
Can Jannie verify? Usability of display-equipped RFID tags for security purposes

Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends

Quantified Score

Hi-index	0.01

Visualization

Abstract

We present Cued Gaze-Points (CGP) as a shoulder-surfing resistant cued-recall graphical password scheme where users gaze instead of mouse-click. This approach has several advantages over similar eye-gaze systems, including a larger password space and its cued-recall nature that can help users remember multiple distinct passwords. Our 45-participant lab study is the first evaluation of gaze-based password entry via user-selected points on images. CGP's usability is potentially acceptable, warranting further refinement and study.