Eye tracking recognition-based graphical authentication

Abstract

The shift towards including human factors as part of system design has a direct impact on the security of the system. The users' misunderstanding of how a secure mechanism works usually results in security failures. People encounter security mechanisms daily, most often required to authenticate themselves using knowledge-based schemes such as passwords, the most common and prevalent type of authentication mechanisms plagued with security and usability problems. As technical solutions have not resolved the usability of passwords many passwords used in practice are either weak and usable or secure and unusable. Hence, in recent years graphical passwords have been proposed as a potential solution due to their improved usability features and the superior human ability to recognize and remember images. This paper presents an eyetracking study of ImagePass, a recognition-based graphical authentication mechanism. The the goal of the sudy was to discover how users perceive and react to graphical authentication. We test the usability of the generic components by comparing emergent gazing patterns with findings from other eye tracking studies. The results of the study show visual selection blindspots in a compact interface and a potential difference between male and female users in observation patterns graphical password selection.