Abstract
Legacy passwords (e.g., PINs, text or graphical passwords) which are compatible with existing server backends, are textual or image based. The type of password may have bearing on the memorability of the password. It has been proven that pictures are more memorable than text, but will the maxim still hold when the pictures in the challenge set have high visual similarity to one another? We consider pictures in comparison to the alternative of the highly familiar Personal Identification Number (PIN). Both these types of password were implemented and tested on a gaze-based authentication platform. Gaze-based systems already reduce the tendency of leakage of information during login and thus it is in this context we consider the need for usability over resistance to shoulder surfing. Two login systems were developed which is the normal PIN number and picture-based password. 27 people participated in the user testing and survey. In both systems, users had 100% login success rate within the three attempts given, and the participants perceived the gaze-based authentication systems positively. However, for the picture-based password, where the pictures in the challenge set had high visual similarity to one another, 33.3% took two attempts while one attempt was sufficient in PIN password for all participants. The time taken was also longer than with the PIN. Feedback also showed that the participants were less positive about the pictures’ memorability. The results show that PINs may be more usable than pictures when the pictures have similar semantic meaning and visual similarity with the pass images. These considerations may inform the design of passwords in gaze-based authentication.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Standing L (1973) Learning 10000 pictures. Quart J Exp Psychol 25(2):207–222
De Angeli A, Coventry L, Johnson G, Renaud K (2005) Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. Int J Hum Comput Stud 63(1):128–152
Katsini C, Abdrabou Y, Raptis GE, Khamis M, Alt F (2020) The role of eye gaze in security and privacy applications: survey and future HCI research directions. In: Proceedings of the 2020 CHI conference on human factors in computing systems [Internet]. New York, NY, USA: Association for Computing Machinery [cited 2021 Aug 6], pp 1–21. Available from: https://doi.org/10.1145/3313831.3376840
Maeder A, Fookes C, Sridharan S (2004) Gaze based user authentication for personal computer applications. In: Proceedings of 2004 international symposium on intelligent multimedia, video and speech processing. IEEE, pp 727–730
Kumar M, Garfinkel T, Boneh D, Winograd T (2007) Reducing shoulder-surfing by using gaze-based password entry. In: Proceedings of the 3rd symposium on Usable privacy and security. ACM, pp 13–19
Martin M, Marija T, Sime A (2013) Eye tracking recognition-based graphical authentication. In: 2013 7th international conference on application of information and communication technologies. IEEE, pp 1–5
De Luca A, Denzel M, Hussmann H (2009) Look into my eyes!: can you guess my password? In: Proceedings of the 5th symposium on usable privacy and security. ACM, p 7
Forget A, Chiasson S, Biddle R (2010) Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords. In: Proceedings of the SIGCHI conference on human factors in computing systems. ACM, pp 1107–1110
Weaver J, Mock K, Hoanca B (2011) Gaze-based password authentication through automatic clustering of gaze points. In: 2011 IEEE international conference on systems, man, and cybernetics. IEEE, pp 2749–2754
Li Z, Li M, Mohapatra P, Han J, Chen S (2017) iType: using eye gaze to enhance typing privacy. In: IEEE INFOCOM 2017-IEEE conference on computer communications. IEEE, pp 1–9
Khamis M, Alt F, Hassib M, von Zezschwitz E, Hasholzner R, Bulling A (2016) GazeTouchPass: multimodal authentication using gaze and touch on mobile devices. In: Proceedings of the 2016 CHI conference extended abstracts on human factors in computing systems. ACM, pp 2156–2164
Brooks M, Aragon CR, Komogortsev OV (2013) Perceptions of interfaces for eye movement biometrics. In: 2013 international conference on biometrics (ICB). IEEE, pp 1–8
Bulling A, Alt F, Schmidt A (2012) Increasing the security of gaze-based cued-recall graphical passwords using saliency masks. In: Proceedings of the SIGCHI conference on human factors in computing systems. ACM, pp 3011–3020
Biddle R, Chiasson S, Van Oorschot PC (2012) Graphical passwords: learning from the first twelve years. ACM Comput Surv 44(4):19:1–19:41
Acknowledgements
This work was supported by the IRFund grant [grant number MMUI/210071], Multimedia University, Malaysia.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kam, Y.HS., Azmi, M.H.B.M. (2022). Comparison Between PIN and Picture-Based Implementations in Gaze-Based Authentication. In: Alfred, R., Lim, Y. (eds) Proceedings of the 8th International Conference on Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 835. Springer, Singapore. https://doi.org/10.1007/978-981-16-8515-6_37
Download citation
DOI: https://doi.org/10.1007/978-981-16-8515-6_37
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-8514-9
Online ISBN: 978-981-16-8515-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)