Toward Tactile Authentication for Blind Users
Shiva Sharma, Information Systems
Faculty Mentor: Dr.Ravi Kuber
Email: ss12@umbc.edu
Abstract
A tactile authentication system has been developed to address the challenges faced by blind users
when entering passwords to access personal information stored in electronic format. Issues
commonly encountered include inaccessible feedback presented by systemsand the risk of third
parties viewing passwords whilst being entered, thereby compromising security. Users will enter
a ‘tactile password’, comprised of four pin patterns presented via cells on a tactile mouse. As the
pin patterns are presented beneath the fingertips, they are accessible by a wide range of users,
and hidden from ‘shoulder surfers’. A study will be undertaken to identify whether the tactile
stimuli are memorable and examine usability of the interface.
Figure 1. Grid squares containing tactile stimuli
Figure 2. VT Player (Virtouch Ltd)
Figure 3. Examples of pin patterns which form an
authentication sequence
Figure 4. Different tactile stimuli are
temporally presented within one square
INTRODUCTION
Information technology has been the essential part of our life. As we all know, technology is
changing every day becoming ever more complex and enormous. Technology should be
designed to simplify the complexity that users face. It is even more difficult for blind users who
have to depend heavily on technology to perform normal activities that we take for granted.
Along with the technology come the larger issues about its security and privacy. How blind users
can preserve their security and how technology can help them is another critical part of today’s
information technology. We all know that no system is 100% secure and reliable .There are
constant threats to all users, from blind to normal users. For blind users, this is an even bigger
concern. They have to depend on assistive technology to perceive the information. Our research
tried to find a way to improve the exchange of information by blind users through the use of
assistive devices like the tactile mouse. We examined how a better interface, system feedback,
sense of touch and reliable system can bridge the gap between security and reliability that most
of the blind users find challenging in today’s fast moving world.
After testing users for a month we found interesting facts about the users’ interaction with the
TAS system. In this study, we asked two set of questions, one usability related and one
authentication experience related. These questions were an important part of the study. Described
below are the users’ educational background, work experience, computer experience and
usability related analysis.
The users were asked to choose four tactile sensations from a choice of 36 pin patterns during an
enrollment procedure. These pin patterns are distinct from one another, allowing each user to
differentiate between the stimuli. The four tactile sensations selected by the users were saved in
sequence order within the database. Users were given several practice sessions before they
selected their final password.
Procedure:
Step 1) User creates his/her profile/selects his/her name from the profile
Step 2) User is presented with a rage of tactile stimuli. Each stimulusi is randomized and
changed every 5 seconds. User chooses 4 sets of tactile stimuli.
Step 3) User is presented with a memorization screen so that they can remember their password
order and pattern before they finally attempt their password.
Step 4) User enters the correct password to verify their valid authentication. If user can identify
the correct pin patterns the system is accessible. In the case of more than 3 failed attempts,
system prompts user to change his/her password.
User demographics
The participants were selected according to their age, computing experience and educational
background. Due to the differences in these areas, users described the TAS experience
differently.
Users age 20-39 spent less time selecting their password after they were trained. When we asked
why they were spending less time in selecting the password, they mentioned that they are
comfortable remembering the pin pattern that appears in the beginning of the stage. The users
mentioned that the system was user friendly. Audio feedback was essential for them because as
they were making progress on each stage, they felt the audio feedback helped them track their
current stage and know how many stages were left.
Users age 40-59 took more time selecting their password and they tried to feel the pins as much
as possible. They used this strategy so that they could choose patterns that were easier to
remember.
When the users were asked to describe their password after they selected it, most of the users
used hand movements to describe their password. Some of them even described animated pin
pattern with sounds like zzzzzzz, uuuuu. Even though most of the users used one or two similar
password numbers, they described it in a completely different manner. Users describing their
experience differently were one of the key factors for this study. It shows that users with
different ages, educational backgrounds and computing experience can describe the same thing
in very different ways.
Table 1: User age
Age
20-29
30-39
40-49
50-59
No of users
12
1
2
1
Table 2: Highest Education Level
Highest Education
Some high school
High school graduate
College
College graduate
Level
2
2
4
8
Table 3: Computer experience and use of technology
Computer user
Normal
Intermediate
Advanced
Never used computer
No of participants
1
2
11
2
Recognition vs. Recall
During the study we asked the users how they picked their tactile password and what method
they used to remember their password using the tactile mouse. Most of the users mentioned that
they picked their tactile password using the following factors:
1) By selecting minimum or maximum pin movement.
2) By selecting all static pins or all animated pins.
3) By thinking in their mind and making patterns.
Users used the recognition method to retrieve their password. During the password entry phase,
they mentioned that they could recognize their pin when they were allowed to choose it. Users
were usually confused when they had similar types of pins randomly generated by the system.
They had trouble telling the difference between the similar patterns.
Usability study
One of the users mentioned that “the tactile mouse was too large to comfortably use, so I used a
second (regular) mouse for my tests. Part of the trouble I had was using the second mouse with
my left hand. Some of the mistakes I made were because I had to remember to use that hand,
which delayed my response enough that I clicked on the pin pattern after mine. If the mouse can
be made less cumbersome to use, I think the pin pattern system will help blind users securely
enter passwords.”
Most of the users shared a similar story. Since they normally used a single small mouse to
accomplish their computing tasks, the size of the tactile mouse and navigating one mouse with
each hand created confusion. They recommended that using a small tactile mouse would help
users successfully enter the password. Then we asked users about their user experience and
whether this system would benefit blinds users. Almost all users had a positive response to this
question. They mentioned that the system will be helpful to blind users because its voice
feedback when user performs the action will tell the users where they are and what they are
doing within the system. Users added that since the mouse is designed for the blind and most of
the blind users use Braille devices it could be easily incorporated.
Security
Users mentioned that because the pin movements are hidden under the user’s finger tips, it
makes the system secure from shoulder surfing. They still felt that the system can be improved
by adding more security features like storing passwords in a database or by using data encryption
methods so if someone hacked into the system the person could not figure out the user’s
password.
Average time taken by users
Average time: During the first week, the average was 130.4 seconds
Average time: During the second week, the average time was 136.546 seconds
Average time: During the fourth week, the average time was 136.14 seconds
Over the four weeks of the testing period, users never requested to reset their password and none of the
users asked to change their password. Users selected their password carefully. They never clicked
randomly; they made sure to select pin patterns that could be remembered for a long time. When pin
patterns were randomized, everyday users were still able to recognize their password. They even
mentioned that the pin pattern had been changed and knew that the pins were in a different order. This
shows that users are recognizing the pin patterns themselves rather than recalling it by the sequence of
patterns. It was interesting to see the facial expressing on users as they were using the mouse. Some of the
users closed their eyes to recognize their password, while other users looked in the opposite direction
while they were entering their password.
Number of attempts weekly
Week 1 second attempts: 0 users
Week 2 second attempts: 5 times
Week 4 there were no second or third attempts by any users.
Final week comparison
During the first week, the users had some navigation problems with the tactile mouse. Users were having
trouble navigating the system with multiple mice. The average time for week 1 was less than the time for
week 2. The final week average time was 136 seconds. The average time was so long because users were
waiting to complete one whole cycle of each stage and because of the size of the mouse. They were not
able to click at the right time; as a result they missed their click and had to wait again to get back to their
password.
There are two reasons the users took a long time to enter their password on the final week. First, they had
a two week gap between testing sessions. Second, the pin pattern was randomized in the final testing
session. Users were very careful on their final week while entering their password. They were making
sure they were selecting their correct password by spending more time with the system.
Error made by users
Users original password
users entered
Wrong number
1182135
6182135
6
1182135
4182135
4
1182135
4182135
4
3182333
3181933
19
2101931
3102331
3,23
2101931
3102331
3,23
2101931
4101931
4
2101931
2102331
23
2101931
2102331
23
7162033
9162033
9
2132131
3132131
2
1132129
4132129
4
Most of the users made mistake in their first stage. Above data shows that one user made a mistake by
selecting the same wrong password twice. Many users selected number 4 and made mistakes.
pin 4 vs. pin 1
Comparing pin1 and pin 4, it shows that users got confused because each set of pins is raised on the four
corners and due to limited time they could not figure out the differences easily.
pin 23 vs. pin 19
Comparing pin 23 and pin 19, it is clear why several users made mistakes on this pattern. They are almost
identical and due to limited time to recognize patterns, most of the users failed. It proves that users made
mistakes because they could not distinguish between patterns which are almost identical to each other.
This problem can be resolved by generating pins which are completely different from each other.
pin 2 vs. pin 3
The above pins are identical in nature but they are oriented in opposite directions. This creates confusion
to the users who have a limited number of seconds to recognize the patterns. When these numbers are
randomized, they frequently came one after the other which often made users more puzzled; as a result
they made back to back mistakes.
During the trial period sighted users were using extra caution while navigating with the tactile mouse and
selecting their password. While blind users were very comfortable navigating with the mouse,it sighted
users acted as if they had never used a mouse and such pin patterns, whereas blind users were
comfortable with the tactile mouse. The main problem that blind users faced was animated pin patterns.
Since pin patterns were randomized, sometimes animation patterns appeared back to back, which made it
difficust for them to determine the difference between the two. Sighted users took more time to select and
enter their password whereas blind users were quick in choosing and entering their password. This shows
that blind users are comfortable with assistive technology.
CONCLUSIONS AND FUTURE WORK
The main problem with the system was navigating with two mice. Sometimes users did not click properly
with a regular mouse; as a result they ended up making mistakes. Most mistakes were made due to mouse
navigation rather than users not being able to recognize their password. Seeing those problems, I clicked
for those users. Overall, all users responded that the system is beneficial for the blind and would help
blind users. Users were interested to know when the system could be implemented for real-world use.
The blind participants shared valuable information about the system. One participant mentioned that an
animated pin pattern would be challenging to recognize. Adding more audio feedback would help the
beginner and be useful for loud environments. Providing the ability to monitor audio options would be
beneficial for users. This system is secure because all the interaction occurs beneath the fingertips of
users.
The password was easier to remember because it was short (only 4 patterns). It would be more difficult to
remember the password if it were longer. Users felt that the authentication patterns should be more
distinctive. The users had to wait a long time for their sequence to come up. In essence, this is a waste of
time. In cases where security is paramount this can be used, as it is one of the most secure ways to access
information.
After interacting with the users over four weeks, I found that we still need to improve the quality of the
system by adding more audio feedback, improving the interface design, making the system faster and
more robust, and by adding more security features. Letting users perform tasks by themselves, for
example by selecting their name from a dropdown menu to enter their password, would improve the
users’ experience. It would be interesting to introduce a screen reader to read the content of the interface
and ask users to navigate accordingly. After taking users’ comments into account, in the future we can
come up with a better authentication system that would help visually impaired users access information
without having to worry about security.