Abstract
Blind people use smartphone devices to perform many daily activities such as mobile banking, social media, shopping, and health care. While smartphone devices are essential tools for many people who are blind or visually impaired, these devices pose significant security and privacy risks for them. One of the security-related challenges that blind users face is authenticating their identity to access web apps. Most password systems on smartphone devices do not meet the requirements of people with no or low vision, inviting aural and video observation attacks due to the limitations of screen readers, input methods, and user interfaces on web applications. Thus, this study proposes a new web authentication system for blind and visually impaired people, and demonstrates its accessibility, usability and security against observation attacks. This paper explains the design of the proposed authentication technique and reports a study with people living with visual impairments that demonstrates the method's resilience to observation attacks. To log in, a user enters six digits of selected Braille characters informed by haptic feedback (vibration). BraillePassword provides no aural or visual feedback, minimizing the risk of observation or shoulder-surfing attacks without any extra cost for special hardware. A user study conducted with ten blind participants showed that BraillePassword is a more secure and accessible authentication method for touchscreens than the traditional method, where passwords are entered using a QWERTY keyboard. All participants were able to enter their credentials using BraillePassword, and 82.5% successfully logged into their web application using this method over a week. The researcher was able to guess only 12.5% of passwords entered into BraillePassword after conducting a video-based attack, indicating that BraillePassword achieves better resistance to audio and video attacks than the traditional authentication method while maintaining the accessibility of the authentication user interface. We also gathered preliminary evidence that six digits in BraillePassword have stronger entropy than six digits used in the traditional authentication system.
Acknowledgements
We thank the Taif University Accessibility Center and CNIB, and the study volunteers. We also gratefully acknowledge support from the Saudi Arabian Cultural Bureau in Canada.
Cite this article
Alnfiai, M., Sampalli, S. BraillePassword: accessible web authentication technique on touchscreen devices. J Ambient Intell Human Comput 10, 2375–2391 (2019). https://doi.org/10.1007/s12652-018-0860-x
DOI: https://doi.org/10.1007/s12652-018-0860-x