BraillePassword: accessible web authentication technique on touchscreen devices

Abstract

Blind people use smartphone devices to perform many daily activities like mobile banking, social media, shopping, health care, etc. While smartphone devices are essential tools for many people who are blind and visually impaired, these devices pose significant security and privacy risks for them. One of the security-related challenges that blind users face is authenticating their identity to access web apps. Most password systems on smartphone devices do not meet the requirements of people with no or low vision, inviting aural and video observation attacks due to the limitations of screen readers, input methods, and user interfaces on web applications. Thus, this study proposes a new web authentication system for blind and visually impaired people, and demonstrates its accessibility, usability and security against observation attacks. This paper explains the design of the proposed authentication technique and reports a study with people living with visual impairments that demonstrates the method’s resilience to observation attacks. To login, a user enters six digits of selected Braille characters informed by haptic feedback (vibration). The BraillePassword provides no aural or visual feedback, minimizing the risk of observation or shoulder attack without any extra fees for special hardware. A user study conducted with ten blind participants showed that BraillePassword is a more secure and accessible authentication method for touchscreens than the traditional method, where passwords are entered using a QWERTY keyboard. All participants were able to enter their credentials using the BraillePassword and 82.5% successfully logged into their web application using this method over a week. The researcher was able to guess only 12.5% of passwords entered into BraillePassword after conducting a video based attack, indicating that the BraillePassword achieves better resistance to audio and video attacks than the traditional authentication method while maintaining the accessibility of authentication user interface. We also gathered preliminary evidence that six digits in BraillePassword has a stronger entropy than six digits used in the traditional authentication system.