Password entry - what are you looking at?
Scientists at Stanford University want to use eye-tracking to make spying on passwords and PIN numbers at ATMs and elsewhere more difficult. Customers could in future no longer type their PIN number or password, but instead simply look at the characters or numbers on a screen. This would make shoulder surfing impossible and also stop PIN number theft using manipulated keypads on ATMs. The EyePassword solution developed by the Stanford scientists is based on an eye-tracking system developed by Tobii. It determines the position and orientation of the pupils when looking at a QWERTY keyboard or number pad displayed on a monitor screen. The group investigated the speed, accuracy, error rate and user acceptance of the system. In particular, they compared the frequency of errors with various methods, such as standard keypad entry, and whether symbol input recognition should be activated by the dwell time of the gaze or through additional manual operation of an Enter key.
Although standard keypad entry is 5 times faster than other theft-resistant entry methods, the speed of EyePassword is within acceptable limits. The only obstacle to widespread use at present is the 5,000 to 40,000 dollar price tag for eye-tracking systems. However, many ATMs are already equipped with cameras which would merely require upgrading. Apple's iMac already includes a built-in iSight camera, which could also be used for such purposes.
- Reducing Shoulder-surfing by Using Gaze-based Password Entry, study by Manu Kumar, Tal Garfinkel, Dan Bohen and Terri Winograd