*Published as a Adjunt proceedings at Interact 2017*
My Contribution- Data analysis, Qualitative and quantitative research, Experiment design, Usability study
Password entry in public places poses observation attack threat, especially for blind users. In this paper we describe a novel accessible password entry interface TouchPIN. TouchPIN uses haptic cues and cue counting for PIN input. We conducted a usability evaluation with blind users and report the results here
There are two major problems associated with password entry systems on touch-screen phones by the blind.
1. The lack of audio feedback when headphones are not connected.
2. The constant threat of shoulder surfing.
Unless user uses a headphone or the dim screen (which is one of the accessibility features that reduces brightness of the screen almost to zero), there are chances of shoulder-surfing and peeping into the user’s phone.
We propose is depicted graphically in figure 1. When the user puts down her finger, the system gives a “get set” vibration to get the user ready (the first blue pulse in the figure). Then there is a “pause”. This pause may be of variable duration. The vibration “pulse” after the pause is counted as the first vibration. If the user lifts the finger at this point, she will input one. If the user does not lift the finger, the system continues giving pulses with a certain “time period”. For example, it can take more time to input the smaller number 2 than the bigger number 9. It is achieved by varying either the pause, or the time period between pulses, or both. Thus, in the case of shoulder surfing, the duration for which the finger stays down on the screen cannot be used to guess the password. We call a combination of a get set vibration, a pause and a time period a “pattern”. Each digit entered in the PIN may have a different pattern.Method
We first conducted a pilot study with 3 blind users. This allowed us to determine the minimum and maximum estimates for durations of get set vibrations, pauses, pulses and time periods that blind users could reasonably recognise. The patterns were selected to maintain a reasonable ratio of the pulses and time period. The pilot also allowed us to determine the detailed method for the main evaluation, which we now describe.
The main evaluation was conducted in two parts. The first part of the evaluation was done to ensure that the solution was easy to use and error free for blind users. Further, in case users made errors, we wanted to investigate if they realized that they made an error without receiving any feedback. The second part of the evaluation was done to evaluate whether the system is resilient to observation attacks.
ConclusionWe discovered that there seems to be some relationship between the chosen pattern and task success. Our hunch is that this might be related to the ratio of the pulse length and the time period. While varying these adds to the security of the system, what is the optimum range of ratio is a matter of further detailed investigation. We expect that the patterns also will have implications to security. More varied and numerous the patterns, harder will they be to guess. Thus a smaller range could be possibly used where security is a mere deterrant (e.g. a wifi password in a restaurant), while more variation could be used where need for security is higher (a bank transaction).
Universal design: while we have designed this system for blind users, there is no reason why it cannot be used by sighted users as well. How it will compare with their current interfaces and how the design needs to be tweaked for sighted users is a matter of future research.