"Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics.

Computing and Communications

Text available via DOI:

https://doi.org/10.1145/3491102.3517531
Final published version

Keywords

Gaze Behavior, Keystroke Dynamics, Machine Learning, Passwords

View graph of relations

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

"Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics. / Abdrabou, Yasmeen; Schütte, Johannes; Shams, Ahmed et al.
CHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery (ACM), 2022. p. 1-16 400 (Conference on Human Factors in Computing Systems - Proceedings).

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Harvard

Abdrabou, Y, Schütte, J, Shams, A, Pfeuffer, K, Buschek, D, Khamis, M & Alt, F 2022, "Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics. in CHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems., 400, Conference on Human Factors in Computing Systems - Proceedings, Association for Computing Machinery (ACM), pp. 1-16, CHI '22: 2022 CHI Conference on Human Factors in Computing Systems, New Orleans, Louisiana, United States, 29/04/22. https://doi.org/10.1145/3491102.3517531

APA

Abdrabou, Y., Schütte, J., Shams, A., Pfeuffer, K., Buschek, D., Khamis, M., & Alt, F. (2022). "Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics. In CHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (pp. 1-16). Article 400 (Conference on Human Factors in Computing Systems - Proceedings). Association for Computing Machinery (ACM). https://doi.org/10.1145/3491102.3517531

Vancouver

Abdrabou Y, Schütte J, Shams A, Pfeuffer K, Buschek D, Khamis M et al. "Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics. In CHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery (ACM). 2022. p. 1-16. 400. (Conference on Human Factors in Computing Systems - Proceedings). doi: 10.1145/3491102.3517531

Author

Abdrabou, Yasmeen ; Schütte, Johannes ; Shams, Ahmed et al. / "Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics. CHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery (ACM), 2022. pp. 1-16 (Conference on Human Factors in Computing Systems - Proceedings).

Bibtex

@inproceedings{1462d9808ca8406f853a4684bfd36d9b,

title = "{"}Your Eyes Tell You Have Used This Password Before{"}: Identifying Password Reuse from Gaze and Keystroke Dynamics.",

abstract = "A significant drawback of text passwords for end-user authentication is password reuse. We propose a novel approach to detect password reuse by leveraging gaze as well as typing behavior and study its accuracy. We collected gaze and typing behavior from 49 users while creating accounts for 1) a webmail client and 2) a news website. While most participants came up with a new password, 32% reported having reused an old password when setting up their accounts. We then compared different ML models to detect password reuse from the collected data. Our models achieve an accuracy of up to 87.7% in detecting password reuse from gaze, 75.8% accuracy from typing, and 88.75% when considering both types of behavior. We demonstrate that using gaze, password reuse can already be detected during the registration process, before users entered their password. Our work paves the road for developing novel interventions to prevent password reuse.",

keywords = "Gaze Behavior, Keystroke Dynamics, Machine Learning, Passwords",

author = "Yasmeen Abdrabou and Johannes Sch{\"u}tte and Ahmed Shams and Ken Pfeuffer and Daniel Buschek and Mohamed Khamis and Florian Alt",

year = "2022",

month = apr,

day = "29",

doi = "10.1145/3491102.3517531",

language = "English",

series = "Conference on Human Factors in Computing Systems - Proceedings",

publisher = "Association for Computing Machinery (ACM)",

pages = "1--16",

booktitle = "CHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems",

address = "United States",

note = "CHI '22: 2022 CHI Conference on Human Factors in Computing Systems ; Conference date: 29-04-2022 Through 05-05-2022",

url = "https://chi2022.acm.org/",

}

RIS

TY - GEN

T1 - "Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics.

AU - Abdrabou, Yasmeen

AU - Schütte, Johannes

AU - Shams, Ahmed

AU - Pfeuffer, Ken

AU - Buschek, Daniel

AU - Khamis, Mohamed

AU - Alt, Florian

PY - 2022/4/29

Y1 - 2022/4/29

N2 - A significant drawback of text passwords for end-user authentication is password reuse. We propose a novel approach to detect password reuse by leveraging gaze as well as typing behavior and study its accuracy. We collected gaze and typing behavior from 49 users while creating accounts for 1) a webmail client and 2) a news website. While most participants came up with a new password, 32% reported having reused an old password when setting up their accounts. We then compared different ML models to detect password reuse from the collected data. Our models achieve an accuracy of up to 87.7% in detecting password reuse from gaze, 75.8% accuracy from typing, and 88.75% when considering both types of behavior. We demonstrate that using gaze, password reuse can already be detected during the registration process, before users entered their password. Our work paves the road for developing novel interventions to prevent password reuse.

AB - A significant drawback of text passwords for end-user authentication is password reuse. We propose a novel approach to detect password reuse by leveraging gaze as well as typing behavior and study its accuracy. We collected gaze and typing behavior from 49 users while creating accounts for 1) a webmail client and 2) a news website. While most participants came up with a new password, 32% reported having reused an old password when setting up their accounts. We then compared different ML models to detect password reuse from the collected data. Our models achieve an accuracy of up to 87.7% in detecting password reuse from gaze, 75.8% accuracy from typing, and 88.75% when considering both types of behavior. We demonstrate that using gaze, password reuse can already be detected during the registration process, before users entered their password. Our work paves the road for developing novel interventions to prevent password reuse.

KW - Gaze Behavior

KW - Keystroke Dynamics

KW - Machine Learning

KW - Passwords

U2 - 10.1145/3491102.3517531

DO - 10.1145/3491102.3517531

M3 - Conference contribution/Paper

T3 - Conference on Human Factors in Computing Systems - Proceedings

SP - 1

EP - 16

BT - CHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems

PB - Association for Computing Machinery (ACM)

T2 - CHI '22: 2022 CHI Conference on Human Factors in Computing Systems

Y2 - 29 April 2022 through 5 May 2022

ER -

Research

Links

Text available via DOI:

Keywords