Can Eye Gaze Reveal Graphical Passwords?
Date: July 2008
Publication: Proceedings of the Symposium On Usable Privacy and Security, SOUPS '08
Source 1: http://cups.cs.cmu.edu/soups/2008/posters/leblanc.pdf
Source 2: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.206.3617&rep=rep1&type=pdf
Abstract or Summary:
Graphical passwords have been proposed as an alternative to text passwords. These new authentication mediums are of much interest to researchers today due to their potential for usability and security. However, we must also consider new threats they may present. We are interested in the effects that visual attention and visual search have on the creation and maintenance of graphical passwords, and whether eye fixations can predict the location of these passwords. If eye fixations are good predictors, then the security of graphical passwords is considerably weakened.
Eye trackers, which detect eye movements on a screen, are becoming readily available. We hypothesize that gaze points gathered from any user could potentially be used to form an attack dictionary to guess other users’ graphical passwords. This may be possible because people tend to look at visual scenes in similar patterns. We conducted a lab study examining eye gaze patterns as users selected graphical passwords and then used this gaze data to form an attack dictionary. Surprisingly, we found that eye gaze is not a good predictor of passwords.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.