OneButtonPIN: A Single Button Authentication Method for Blind or Low Vision Users to Improve Accessibility and Prevent Eavesdropping

Abstract

A Personal Identification Number (PIN) is a widely adopted authentication method used by smartphones, ATMs, etc. PINs offer strong security and can be reset when compromised (unlike biometric authentication). However, PINs can be inaccessible for blind or low vision (BLV) users due to screen readers voicing PINs to bystanders or potential shoulder surfing attack risks---bystanders could watch the PIN being entered without the user noticing. To address this, we present OneButtonPIN, an interface to improve PIN entry accessibility and security for BLV users. Here, a single on-screen button, when pressed and held, triggers a haptic vibration sequence. A digit is entered by counting the vibrations and releasing the button. We explored introducing random timings to the vibration sequence to increase security. A week-long evaluation with 9 BLV participants and a security study with 10 sighted participants acting as shoulder surfers demonstrated OneButtonPIN's usability and resilience against eavesdropping.