PassChords – Secure Multi-Touch Authentication for Blind People – Summary and thoughts

Summary

The purpose of this paper is to discuss all the different security threats that blind mobile users face, some ways to mitigate those threats, and the introduction of a new authentication tool called PassChords.

People now use their mobile phones to access important information, including email, banking and credit card information, and private data. Security of these devices and the data they contain is especially important. This paper focuses on the threats that blind people face while using these devices to access important data. They are as follows:

  • Aural Eavesdropping: Because blind people use text-to-speech tools on their phones (e.g., iPhone VoiceOver, accessibility, etc.), there is a huge risk of people overhearing important information when these devices are used in public. This risk can be mitigated by using earphones, but blind users need to stay aware of their environment by listening, so using earphones can sometimes be dangerous.
  • Visual Eavesdropping: A person with low vision can use mobile phone tools like text magnifiers and large fonts to make comprehension easier. This makes it a lot easier for someone walking by to see the contents of the user's phone. To mitigate this risk, the iPhone currently has a tool called the screen curtain that blacks out the screen for users who depend on voice interaction.
  • Unauthorized user access: Research shows that 89% of people who have found mobile phones have attempted to access the phone's private information. Most smartphones can be locked and unlocked using a PIN for authentication, but this method is very cumbersome and error-prone for blind people. In order to mitigate this risk, the research team developed a tool called PassChords.

According to the paper, “PassChords is a non-visual authentication method for touch surfaces that is robust to aural and visual eavesdropping. A user enters a PassChord by tapping several times on a touch surface with one or more fingers.” The sequence of finger taps defines the password.

The researchers wanted to design a tool that was fast, robust to aural and visual eavesdropping, and had a high password strength and recall rate. To set a PassChord, the user taps all 4 fingers on the screen to calibrate the screen to the finger positions, and then enters a sequence of several taps on the screen using a combination of different fingers to set the password. If the user makes a mistake, the PassChord can be reset by recalibrating and re-entering the tap sequence.
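The calibrate-then-tap procedure described above, sketched as an added example (this is not code from the paper or its authors). It assumes each touch is matched to the nearest calibrated finger by x-coordinate and each tap is stored as a 4-bit mask; the function names and pixel values are constructed for illustration, and the 15-chords-per-tap figure is arithmetic on four fingers rather than a number from the paper.

```python
import hmac
import math

FINGERS = 4  # the page describes calibrating with four fingers


def assign_fingers(calibration_x, touch_xs):
    """Return a bitmask of the fingers in one tap, or None if unreadable."""
    mask = 0
    for x in touch_xs:
        # Assumption: a touch belongs to the nearest calibrated finger position.
        finger = min(range(FINGERS), key=lambda i: abs(calibration_x[i] - x))
        if mask & (1 << finger):
            return None  # two touches resolved to the same finger
        mask |= 1 << finger
    return mask or None  # an empty tap is also unreadable


def encode(calibration_x, taps):
    """Turn a sequence of taps (each a list of x-coordinates) into bytes."""
    chords = [assign_fingers(calibration_x, tap) for tap in taps]
    if not chords or any(c is None for c in chords):
        return None
    return bytes(chords)


def verify(enrolled, calibration_x, taps):
    """Compare an attempt with the enrolled chord sequence in constant time."""
    attempt = encode(calibration_x, taps)
    if attempt is None:
        return False
    return hmac.compare_digest(enrolled, attempt)


def entropy_bits(taps):
    """Entropy of a uniformly random sequence: 2**4 - 1 = 15 chords per tap."""
    return taps * math.log2(2 ** FINGERS - 1)


# Constructed sample data: calibration positions in pixels, then four taps.
enroll_cal = [60, 140, 220, 300]
secret = encode(enroll_cal, [[62], [138, 221], [298], [61, 142, 219, 301]])

# The hand lands 40 px to the right at unlock; recalibration absorbs the shift.
unlock_cal = [100, 180, 260, 340]
ok = verify(secret, unlock_cal, [[103], [178, 262], [338], [99, 181, 259, 342]])
bad = verify(secret, unlock_cal, [[103], [178], [338], [99, 181, 259, 342]])
print(ok, bad, round(entropy_bits(4), 1))
```

Because the chord is defined by which fingers touch rather than where on the screen they land, the same secret verifies after the hand shifts. Under these assumptions a four-tap sequence has a slightly larger space (15^4 = 50,625) than a four-digit PIN (10,000).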

They conducted a study with 16 participants total, and PassChords was nearly three times as fast as the iPhone's passcode lock with VoiceOver. There were no unexpected obstacles with password recall.

Thoughts

Overall, I was really excited about this paper. It was very clear, and I was super excited that two of our UMBC professors were referenced in it. Using PassChords as a method for authentication is evocative of playing different sequences on a piano, so that can help with its recall.

 
