Eye Tracking Could Outshine Passwords if Made User Friendly

Eye Tracking Could Outshine Passwords if Made User Friendly

It's a wonder we still put up with passwords.

We forget our highly-secretive combinations, so we frequently have them reset and sent to our cellphones and alternative email addresses. We come up with clever jumbles of letters and words, only to mess up the order. We sit there on the login screen, desperately punching in a code we should know by heart.

Despite their inefficiencies, passwords are still the most common electronic authentication systems, protecting everything from our bank accounts, laptops and email to health information, utility bills and, of course, our Facebook profiles. While fingerprint-, eye- and face-recognition authentication technology is progressing, these biometric security systems haven't gone mainstream yet.

University of Washington engineers are trying to figure out why. They found in a recent study that the user's experience could be the key to creating a system that doesn't rely on passwords.

"How humans interact with biometric devices is critically important for their future success," said lead researcher Cecilia Aragon, a UW associate professor of human centered design and engineering. "This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it require that it be efficient and accurate, but also something that people trust, accept and don’t get frustrated with."

Aragon believes one of the reasons face- and eye-recognition systems haven't taken off is because the user's experience often isn't factored into the design. Her team presented its study, one of the first in the field to look at user preferences, at the International Association for Pattern Recognition's International Conference on Biometrics in June. The researchers found that speed, accuracy and choice of error messages were all important for the success of an eye-tracking system.

"If you develop the technology and user interface in parallel, you can make sure the technology fits the users rather than the other way around," Aragon said. "It's very important to have feedback from all stakeholders in the process while you're designing a biometric identification system."

The UW team, in collaboration with Oleg Komogortsev at Texas State University, developed a new biometric authentication technique that identifies people based on their eye movements. They ran subjects through several types of authentication, then asked for feedback on the usability and perceived security.

In the study, users simulated withdrawing money from an ATM. The prototype – an ATM look-alike computer screen with eye-tracking technology – presented three separate types of authentication: a standard four-number PIN, a target-based game that tracks a person's gaze and a reading exercise that follows how a user's eyes move past each word. With each, researchers measured how long it took and how often the system had to recalibrate.

Eye-tracking technology uses infrared light and cameras. The light reflects off the surface of the eyeball back to the camera when a user's eye is following a dot or words on the computer screen. The tracking device picks up the unique way each person's eye moves.

The UW research team chose the ATM scenario because it's familiar to most people and many machines already have a basic security camera installed.

"The goal of eye-tracking signatures is to enable inexpensive cameras instead of specialized eye-tracking hardware," Aragon said. "This system can be used by basically any technology that has a camera, even a low-quality webcam."

When interviewed afterward, most of the study subjects said they don't trust the standard push-button PIN used in most ATMs and most assumed that the more advanced technologies would offer the best security.

But, when authentication failed – the research team deliberately caused it to not recognize users during one trial – they lost faith in the eye-tracking systems. This study showed that future eye-tracking technology should give clear error messages or directions on how users should proceed if they get off track.

"The error messages we provided and the feedback we gave were really important for making it usable," said Michael Brooks, a UW doctoral student in human centered design and engineering. "It would have been difficult to design these prototypes without getting feedback from users early on."

“The standard PIN authentication won for its speed and user-friendliness, but the dot targeting exercise also scored high among users and didn't take nearly as long as the reading exercise. This game-like option could be a model for future versions,” Brooks said.

The researchers plan to look next at developing similar eye-tracking authentication for other systems that use basic cameras, such as desktop computers. A similar design could be used to log in or gain access to a secure website.

The research was funded by the National Institute of Standards and Technology.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West 2024: Post-Show Recap

    ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

Webinars

New Products

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3