Picture Passwords in Mixed Reality: Implementation and Evaluation

We present HoloPass, a mixed reality application for the HoloLens wearable device that allows users to perform user authentication tasks through gesture-based interaction. In particular, this paper reports the implementation of picture passwords for mixed reality environments and highlights the development procedure, the lessons learned from common design and development issues, and how those issues were addressed. It further reports a between-subjects study (N=30) that compared usability, security, and likeability aspects of picture passwords in mixed reality vs. traditional desktop contexts, in order to investigate and reason about the viability of picture passwords as an alternative user authentication approach for mixed reality. This work can be of value for enhancing and driving future implementations of picture passwords in mixed reality, since the initial results are promising for pursuing this line of research.
