Reducing Shoulder-surfing by Using Gaze-based Password Entry
by Manu Kumar, Tal Garfinkel, Dan Boneh, Terry Winograd - Stanford University - Friday, 31 August 2007.
Shoulder-surfing – using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user’s password credentials.

We present EyePassword, a system that mitigates the issues of shoulder surfing via a novel approach to user input. With EyePassword, a user enters sensitive input (password, PIN, etc.) by selecting from an on-screen keyboard using only the orientation of their pupils (i.e. the position of their gaze on screen), making eavesdropping by a malicious observer largely impractical.

This paper contains a number of design choices and discusses their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional methods.

Download the paper in PDF format here.

Spotlight

The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Jul 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //