"Your Eyes Say You Have Used This Password Before": Identifying Password Reuse from Gaze Behavior and Keystroke Dynamics


A significant drawback of text passwords for end-user authentication is password reuse. We propose a novel approach to detect password reuse by leveraging gaze as well as typing behavior and study its accuracy. We collected gaze and typing behavior from 49 users while creating accounts for 1) a webmail client and 2) a news website. While most participants came up with a new password, 32% reported having reused an old password when setting up their accounts. We then compared different ML models to detect password reuse from the collected data. Our models achieve an accuracy of up to 87.7% in detecting password reuse from gaze, 75.8% accuracy from typing, and 88.75% when considering both types of behavior. We demonstrate that using gaze, password reuse can already be detected during the registration process, before users entered their password. Our work paves the road for developing novel interventions to prevent password reuse.

Yasmeen Abdrabou
Bundeswehr University Munich, Munich, Bayern, Germany
Johannes Schütte
Bundeswehr University Munich, Munich, Germany
Ahmed Shams
German University in Cairo, Cairo, Egypt
Ken Pfeuffer
Aarhus University, Aarhus, Denmark
Daniel Buschek
University of Bayreuth, Bayreuth, Germany
Mohamed Khamis
University of Glasgow, Glasgow, United Kingdom
Florian Alt
Bundeswehr University Munich, Munich, Germany



Conference: CHI 2022

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2022.acm.org/)

Session: Touch and tangibility

5 presentations
2022-05-05 01:15:00
2022-05-05 02:30:00