DOI: 10.1145/2384916.2384945
research-article

PassChords: secure multi-touch authentication for blind people

Published: 22 October 2012

ABSTRACT

Blind mobile device users face security risks such as inaccessible authentication methods, and aural and visual eavesdropping. We interviewed 13 blind smartphone users and found that most participants were unaware of or not concerned about potential security threats. Not a single participant used optional authentication methods such as a password-protected screen lock. We addressed the high risk of unauthorized user access by developing PassChords, a non-visual authentication method for touch surfaces that is robust to aural and visual eavesdropping. A user enters a PassChord by tapping several times on a touch surface with one or more fingers. The set of fingers used in each tap defines the password. We give preliminary evidence that a four-tap PassChord has about the same entropy, a measure of password strength, as a four-digit personal identification number (PIN) used in the iPhone's Passcode Lock. We conducted a study with 16 blind participants that showed that PassChords were nearly three times as fast as iPhone's Passcode Lock with VoiceOver, suggesting that PassChords are a viable accessible authentication method for touch screens.


Published in

ASSETS '12: Proceedings of the 14th international ACM SIGACCESS conference on Computers and accessibility
October 2012
321 pages
ISBN: 9781450313216
DOI: 10.1145/2384916

Copyright © 2012 ACM

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall Acceptance Rate: 89 of 311 submissions, 29%
