SIGACCESS

Department of Computer Science, University of Washington

Blind mobile device users face security risks such as inacces­ sible authentication methods, and aural and visual eavesdropping. We interviewed 13 blind smartphone users and found that most participants were unaware of or not con­ cerned about potential security threats. Not a single participant used optional authentication methods such as a password-protected screen lock. We addressed the high risk of unauthorized user access by developing PassChords, a non-visual authentication method for touch surfaces that is robust to aural and visual eavesdropping. A user enters a PassChord by tapping several times on a touch surface with one or more fingers. The set of fingers used in each tap defines the password. We give preliminary evidence that a four-tap PassChord has about the same entropy, a measure of password strength, as a four-digit personal identification number (PIN) used in the iPhone’s Passcode Lock. We conducted a study with 16 blind participants that showed that PassChords were nearly three times as fast as iPhone’s Passcode Lock with VoiceOver, suggesting that PassChords are a viable accessible authentication method for touch screens.