OneButtonPIN increases security for blind and low-vision tech users
New authentication method helps protect data from privacy attacks
Working closely with blind and low-vision (BLV) users, researchers at the University of Waterloo and the Rochester Institute of Technology have developed a new authentication method that could help BLV technology users more securely access their devices. The new method, OneButtonPIN, allows users to input PIN codes using a single large button and a series of haptic vibrations.
BLV people frequently express frustration with existing authentication methods such as drawing patterns, fingerprint and face scans, and PIN codes. Some methods are difficult to use effectively without visual data. Others are vulnerable to privacy attacks.
OneButtonPIN addresses these security issues by using haptic vibrations imperceptible to outsiders. When prompted to enter a PIN code, the user presses and holds a large button on their smartphone screen. This activates a series of vibrations separated by pauses; the user counts the vibrations until the count matches the digit they want to enter, then releases the button and repeats the process until every digit of the PIN has been entered.
While biometrics such as fingerprints and face scans are unique and easy to use, a person’s biometrics cannot be changed or reset, explains Stacey Watson, a lecturer in computer science and one of the researchers on the study.
“More traditional forms of entry are vulnerable due to many BLV people’s use of screen reader technology,” said Watson. “PIN users are vulnerable both to eavesdropping and shoulder surfing attacks, which is where someone nearby can observe a user’s device without their knowledge.”
In a research study, nine BLV participants installed OneButtonPIN apps on their phones. They were first tasked with entering randomly generated PINs using the OneButtonPIN method several times, then instructed to use the app at least once a day for a week as part of a diary study. The study revealed that OneButtonPIN allowed users to input codes with an average of 83.6 per cent accuracy or above, as opposed to 78.1 per cent accuracy using traditional methods.
The method also proved to be incredibly secure. In the second stage of the study, 10 sighted participants watched videos of people using both traditional PIN entry methods and OneButtonPIN, then attempted to guess their PIN codes. Every participant was able to successfully guess users’ PINs using traditional methods, but no one could successfully guess a code entered using OneButtonPIN.
“While OneButtonPIN was designed for BLV people, many users will appreciate the added security,” Watson said. “When we make things more accessible, we make things more usable for the average user as well.”
The study was published in the Proceedings of the ACM on Human-Computer Interaction.