杏吧原创

Tactile passwords could stop ATM ‘shoulder-surfing’

Entering passwords using a Braille-like device could help prevent snoopers from stealing sensitive computer codes, such as ATM numbers

Entering passwords using a Braille-like device could prevent snoopers from stealing sensitive computer codes, such as ATM numbers, researchers say.

Computer engineers at Queen鈥檚 University Belfast, UK, developed the tactile security system 鈥 a mouse with a grid of 16 mechanically-controlled pins that sit beneath the first and second finger of a user鈥檚 hand.

The system was originally developed for visually impaired computer users. Its designers claim the system is more secure than a conventional keyboard as it is impossible for anyone to spy on a user鈥檚 keystrokes.

To use the system a user moves the mouse over a grid of nine blank squares displayed on a computer screen. Rolling over each square causes a different pattern to appear under their fingertips.

A user is given a sequence of tactons to remember and simply clicks on the squares that match their pass-pattern. The sequence of tactons and squares is randomised each time, making it impossible for anyone to spy on a user as they click. A video shows a user negotiating four grids to enter their password (7MB requires Windows Media Player) and here is a .

Shoulder-surfers

It is virtually impossible for anyone to spy on the pattern sequence used, says Ravi Kuber, who created the system with colleague Wai Yu. 鈥淭he tactile displays are under your fingertips so there鈥檚 less chance of an observer 鈥榮houlder-surfing鈥 to get your authentication sequence.鈥

Kuber adds that, 鈥渆ven if someone tried to share their information, there鈥檚 no guarantee another person could replicate it.鈥 This is because it is inherently difficult to describe the tactile patterns used, he says.

Sixteen volunteers trialled the system at the university, using it to log onto their computers every working day for two weeks. To see how easy it was to recall their tacton pass sequence, the volunteers took a break for two weeks and then tried using the system again. They all managed to log in within two attempts.

On average, the volunteers took 38 seconds to log on using the system, but most also said the system made them feel more secure. Its designers have applied for a patent on the system and now plan to test it out over longer periods and compare its reliability and security against conventional passwords. Ultimately, they believe it could be used to make ATM machines more secure.

Finding patterns

Stephen Brewster, who works on computer interaction at Glasgow University in the UK, told New 杏吧原创: 鈥淚鈥檝e not heard of using tactile feedback for authentication before. It sounds like a good idea.鈥

However, Brewster adds that choosing tactons that are both easy to recognise and difficult to guess could be difficult: 鈥淔inding patterns that aren鈥檛 too hard to identify is the biggest problem,鈥 he says.

Better hardware could be the key to developing a more practical tactile authentication system, he suggests: 鈥淎n array of nine pins is crude compared to our sense of touch, there鈥檚 no reason the hardware couldn鈥檛 be improved.鈥

Details of the tactile authentication system were presented at the British Computing Society鈥檚 Human Computer Interaction Group conference at Queen Mary, University of London, UK, in September 2006.