"Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics

Abdrabou, Y., Schütte, J., Shams, A., Pfeuffer, K., Buschek, D., Khamis, M. and Alt, F. (2022) "Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics. In: 2022 CHI Conference on Human Factors in Computing Systems (CHI '22), New Orleans, LA, USA, 30 Apr - 05 May 2022, p. 400. ISBN 9781450391573 (doi: 10.1145/3491102.3517531)

Full text: 267383.pdf - Accepted Version (2MB)

Abstract

A significant drawback of text passwords for end-user authentication is password reuse. We propose a novel approach to detect password reuse by leveraging gaze as well as typing behavior and study its accuracy. We collected gaze and typing behavior from 49 users while creating accounts for 1) a webmail client and 2) a news website. While most participants came up with a new password, 32% reported having reused an old password when setting up their accounts. We then compared different ML models to detect password reuse from the collected data. Our models achieve an accuracy of up to 87.7% in detecting password reuse from gaze, 75.8% accuracy from typing, and 88.75% when considering both types of behavior. We demonstrate that using gaze, password reuse can already be detected during the registration process, before users entered their password. Our work paves the road for developing novel interventions to prevent password reuse.

Item Type: Conference Proceedings
Additional Information: This work was supported by the Royal Society of Edinburgh (RSE award no. 65040 and 1931), the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which has been funded by the UK EPSRC under grant number EP/S035362/1, EPSRC New Investigator Award (EP/V008870/1), DFG grant no. 316457582 and 425869382, dtec.bw-Digitalization and Technology Research Center of the Bundeswehr (Voice of Wisdom), and the Studienstiftung des deutschen Volkes. This project was also partly funded by the Bavarian State Ministry of Science and the Arts and coordinated by the Bavarian Research Institute for Digital Transformation (bidt).
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Khamis, Dr Mohamed
Authors: Abdrabou, Y., Schütte, J., Shams, A., Pfeuffer, K., Buschek, D., Khamis, M., and Alt, F.
College/School: College of Science and Engineering > School of Computing Science
ISBN: 9781450391573
Copyright Holders: Copyright © 2022 The Authors
First Published: First published in 2022 CHI Conference on Human Factors in Computing Systems (CHI '22): 400
Publisher Policy: Reproduced in accordance with the publisher copyright policy

| Project Code | Award No | Project Name | Principal Investigator | Funder's Name | Funder Ref | Lead Dept |
| --- | --- | --- | --- | --- | --- | --- |
| 309501 | | RSE Enterprise | Mohamed Khamis | The Royal Society of Edinburgh (ROYSOCED) | 65040 | Computing Science |
| 315843 | | EyeSec: Eye Tracking in Security Applications | Mohamed Khamis | The Royal Society of Edinburgh (ROYSOCED) | 1931 | Computing Science |
| 310627 | | TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal Imaging | Mohamed Khamis | Engineering and Physical Sciences Research Council (EPSRC) | EP/V008870/1 | Computing Science |
| 313490 | | Preventing THErmal ATtacks using AI-driven Approaches | Mohamed Khamis | Engineering and Physical Sciences Research Council (EPSRC) | 5676417 -PETRAS | Computing Science |