BraillePassword: accessible web authentication technique on touchscreen devices

  • Mrim Alnfiai
  • Srinivas Sampalli
Original Research

Abstract

Blind people use smartphone devices to perform many daily activities such as mobile banking, social media, shopping, and health care. While smartphone devices are essential tools for many people who are blind and visually impaired, these devices pose significant security and privacy risks for them. One of the security-related challenges that blind users face is authenticating their identity to access web apps. Most password systems on smartphone devices do not meet the requirements of people with no or low vision, inviting aural and video observation attacks due to the limitations of screen readers, input methods, and user interfaces on web applications. Thus, this study proposes a new web authentication system for blind and visually impaired people, and demonstrates its accessibility, usability and security against observation attacks. This paper explains the design of the proposed authentication technique and reports a study with people living with visual impairments that demonstrates the method’s resilience to observation attacks. To log in, a user enters six digits of selected Braille characters, guided by haptic feedback (vibration). BraillePassword provides no aural or visual feedback, minimizing the risk of observation or shoulder-surfing attacks without the extra cost of special hardware. A user study conducted with ten blind participants showed that BraillePassword is a more secure and accessible authentication method for touchscreens than the traditional method, where passwords are entered using a QWERTY keyboard. All participants were able to enter their credentials using BraillePassword, and 82.5% successfully logged into their web application using this method over a week. The researcher was able to guess only 12.5% of passwords entered into BraillePassword after conducting a video-based attack, indicating that BraillePassword achieves better resistance to audio and video attacks than the traditional authentication method while maintaining the accessibility of the authentication user interface. We also gathered preliminary evidence that six digits in BraillePassword have higher entropy than six digits used in the traditional authentication system.

Keywords

Blind, Smartphone devices, Touchscreens, Authentication access, Security, Privacy

Notes

Acknowledgements

We thank the Taif University Accessibility Center and CNIB, and the study volunteers. We also gratefully acknowledge support from the Saudi Arabian Cultural Bureau in Canada.

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. Faculty of Computer Science, Dalhousie University, Halifax, Canada
