Working closely with blind and partially sighted (BLV) users, researchers from the University of Waterloo and Rochester Institute of Technology have developed a new authentication method that could help users of BLV technology access their devices more securely. The new method, OneButtonPIN, allows users to enter PIN codes using one large button and a series of tactile vibrations.
People with BLV often express frustration with existing authentication methods such as drawing patterns, scanning fingerprints and faces, and PIN codes. Some methods are difficult to use effectively without visual data. Others are vulnerable to privacy attacks.
OneButtonPIN addresses these security issues by using tactile vibrations that are imperceptible to outsiders. When prompted to enter a PIN, the user presses and holds a large button on their smartphone screen. This activates a series of vibrations separated by pauses; the user counts the number of vibrations corresponding to the number they wish to enter, then releases the button and repeats the process until the desired numbers are entered.
Although biometrics such as fingerprints and face scans are unique and easy to use, a person’s biometrics cannot be changed or reset, explains Stacey Watson, a computer science professor and one of the study’s researchers.
“More traditional forms of login are vulnerable due to many people on BLV using screen reader technology,” Watson said. “PIN users are vulnerable to both eavesdropping and shoulder surfing attacks, which is where someone nearby can monitor the user’s device without their knowledge.”
In a study, nine BLV participants installed OneButtonPIN apps on their phones. They were first tasked with entering randomly generated PINs using the OneButtonPIN method multiple times, then instructed to use the app at least once a day for a week as part of a diary study. The study revealed that OneButtonPIN allowed users to enter codes with an average of 83.6 percent accuracy or better, compared to 78.1 percent accuracy using traditional methods.
The method also turned out to be incredibly secure. In the second stage of the study, 10 sighted participants watched videos of people using both traditional PIN entry methods and OneButtonPIN, then tried to guess their PIN codes. Every participant was able to successfully guess users’ PINs using traditional methods, but no one was able to successfully guess the code entry using OneButtonPIN.
“Although OneButtonPIN is designed for people on BLV, many users will appreciate the added security,” Watson said. “When we make things more accessible, we also make things more usable for the average user.”
The research is published in the Proceedings of the ACM on Human-Computer Interaction.
Disclaimer: AAAS and EurekAlert! is not responsible for the accuracy of the news published on EurekAlert! by contributing institutions or for using any information through the EurekAlert system.
Add Comment