Title
Guessing click-based graphical passwords by eye tracking
Abstract
Click-based graphical passwords are a new method of authentication where passwords are created and entered by clicking in particular places on an image. This paper presents a study that investigated eye tracking as a potential threat to the security of such passwords. If the gaze data from people looking at an image resembles the click-points of other people's passwords, then covert eye tracking might be used to create dictionaries to effectively guess passwords. The study used an eye tracker to record the participants' gaze as they looked at images that had been used as the basis for passwords in an earlier study. We then compared the eye tracker data with the actual password click-points gathered during the earlier study, and conducted several forms of analysis to determine the likely success of guessing passwords. The eye tracker data did somewhat resemble the password click-points, and might offer attackers an advantage over guessing at random. The effectiveness shown for this approach was limited, however, although it might allow improvement that would result in greater danger, especially if gaze data could be gathered without explicit interaction.
Year
2010
DOI
10.1109/PST.2010.5593249
Venue
Privacy Security and Trust
Keywords
eye, message authentication, authentication, click-based graphical passwords, eye tracker, eye tracking
Field
Internet privacy, Authentication, Gaze, Message authentication code, Visualization, Computer science, Computer security, Covert, Eye tracking, Password
DocType
Conference
ISSN
1712-364X
ISBN
978-1-4244-7549-0
Citations
5
PageRank
0.43
References
12
Authors
3
Name | Order | Citations | PageRank
Daniel Leblanc | 1 | 5 | 0.43
Alain Forget | 2 | 383 | 20.53
Robert Biddle | 3 | 528 | 45.50