Authors: Justin Weaver, Kenrick Mock, Bogdan Hoanca
Researchers have proposed systems in which users utilize an eye tracker to enter passwords by merely looking at the proper symbols on the computer monitor in the appropriate order. This authentication method is immune to the practice of shoulder surfing: secretly observing the keystrokes of a legitimate user as he or she types a password on a keyboard. In this paper we describe the EyeDent system, in which users authenticate by looking at the symbols on an on-screen keyboard to enter their password. Existing eye-tracking-based authentication systems require the user to dwell or press a trigger when looking at each symbol. Instead, in EyeDent, gaze points are automatically clustered to determine the user's selected symbols; this approach has the benefit of allowing users to authenticate at their natural speed, rather than with a fixed dwell time. Additionally, the absence of a visible trigger does not divulge the number of symbols in the password. Results from preliminary investigations indicate that quick (3 seconds for a 4-digit PIN) authentication is possible using this scheme, but more work is needed to account for calibration error and to dynamically adapt system parameters to the characteristics of individual users.
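As an added illustration (not code from the paper or the EyeDent system), the sketch below clusters a gaze trace into fixations without a fixed dwell time and maps each cluster to a key. The abstract does not specify the clustering algorithm, so the running-centroid grouping, the `radius` and `min_samples` thresholds, the keypad layout and the synthetic trace are all assumptions.

```python
import math

# Constructed 3x4 PIN pad, 100 px cells (layout is an assumption, not EyeDent's).
KEYS, CELL = ["123", "456", "789", " 0 "], 100

def centroid(pts):
    return (sum(p[0] for p in pts) / len(pts), sum(p[1] for p in pts) / len(pts))

def key_at(x, y):
    """Symbol under a screen point, or None when off the pad or on a blank cell."""
    col, row = int(x // CELL), int(y // CELL)
    if 0 <= row < len(KEYS) and 0 <= col < 3 and KEYS[row][col] != " ":
        return KEYS[row][col]
    return None

def cluster_gaze(samples, radius=30.0, min_samples=5):
    """Group consecutive samples within `radius` px of the running centroid.
    Groups shorter than `min_samples` are treated as eye movement and dropped."""
    clusters, current = [], []
    for x, y in samples:
        if current:
            cx, cy = centroid(current)
            if math.hypot(x - cx, y - cy) > radius:
                clusters.append(current)
                current = []
        current.append((x, y))
    if current:
        clusters.append(current)
    return [c for c in clusters if len(c) >= min_samples]

def decode_pin(samples, **params):
    """Map each fixation cluster's centroid to the key beneath it."""
    syms = (key_at(*centroid(c)) for c in cluster_gaze(samples, **params))
    return "".join(s for s in syms if s is not None)

def synth_trace(pin, dwells, offset=(0, 0)):
    """Constructed gaze trace: one jittered fixation per symbol, `dwells[i]` samples
    long, joined by two in-transit samples. `offset` models calibration error."""
    jit = [(-6, 0), (6, 0), (0, -6), (0, 6), (0, 0)]
    rows = [next(r for r, row in enumerate(KEYS) if s in row) for s in pin]
    centers = [(KEYS[r].index(s) * CELL + 50 + offset[0], r * CELL + 50 + offset[1])
               for s, r in zip(pin, rows)]
    trace = []
    for i, ((cx, cy), n) in enumerate(zip(centers, dwells)):
        if i:
            px, py = centers[i - 1]
            trace += [(px + f * (cx - px), py + f * (cy - py)) for f in (0.4, 0.6)]
        trace += [(cx + jit[k % 5][0], cy + jit[k % 5][1]) for k in range(n)]
    return trace
```

With fixations of 8, 5, 12 and 6 samples, `decode_pin(synth_trace("1590", [8, 5, 12, 6]))` recovers the PIN despite the uneven dwell lengths. Passing `offset=(60, 0)` shifts every sample by a constant calibration error and the same trace decodes to the wrong, shorter string.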