ABSTRACT
Visually impaired users face various challenges in web authentication. We designed UniPass, an accessible password manager for visually impaired users based on a smart device. To evaluate UniPass, we tested and compared UniPass with two commercial password managers: LastPass, a popular password manager and StrongPass, a smart device-based password manager. Our study results of ten users, six blind and four with low vision, suggest that password managers are a promising authentication approach for visually impaired users. Participants using UniPass had the highest task completion rate and took the shortest time to complete an authentication related task. Furthermore, the majority (seven out of ten) of our participants preferred UniPass over LastPass and StrongPass.
- Authomate. 2016. StrongPass. http://x.authomate.com/StrongPass/signup.html. (2016). Feb. 23, 2016.Google Scholar
- Shiri Azenkot, Kyle Rector, Richard Ladner, and Jacob Wobbrock. 2012. PassChords: Secure Multi-touch Authentication for Blind People. In Proceedings of the 14th International ACM SIGACCESS Conference on Computers and Accessibility (ASSETS '12). ACM, New York, NY, USA, 159--166. DOI:http://dx.doi.org/10.1145/2384916.2384945 Google ScholarDigital Library
- Nata M. Barbosa. 2014. Strategies: An Inclusive Authentication Framework. In Proceedings of the 16th International ACM SIGACCESS Conference on Computers & Accessibility (ASSETS '14). ACM, New York, NY, USA, 335--336. DOI:http://dx.doi.org/10.1145/2661334.2661413 Google ScholarDigital Library
- Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, and Frank Stajano. 2012. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP '12). IEEE Computer Society, Washington, DC, USA, 553--567. DOI:http://dx.doi.org/10.1109/SP.2012.44 Google ScholarDigital Library
- Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, and Frank Stajano. 2015. Passwords and the Evolution of Imperfect Authentication. Commun. ACM 58, 7 (June 2015), 78--87. DOI:http://dx.doi.org/10.1145/2699390 Google ScholarDigital Library
- Yevgen Borodin, Jeffrey P. Bigham, Glenn Dausch, and I. V. Ramakrishnan. 2010. More Than Meets the Eye: A Survey of Screen-reader Browsing Strategies. In Proceedings of the 2010 International Cross Disciplinary Conference on Web Accessibility (W4A) (W4A '10). ACM, New York, NY, USA, 13:1--13:10. DOI:http://dx.doi.org/10.1145/1805986.1806005 Google ScholarDigital Library
- Sonia Chiasson, P. C. van Oorschot, and Robert Biddle. 2006. A Usability Study and Critique of Two Password Managers. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15 (USENIX-SS'06). USENIX Association, Berkeley, CA, USA, Article 1. http://dl.acm.org/citation.cfm?id=1267336.1267337 Google ScholarDigital Library
- Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch Me Once and I Know It's You!: Implicit Authentication Based on Touch Screen Patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '12). ACM, New York, NY, USA, 987--996. DOI:http://dx.doi.org/10.1145/2207676.2208544 Google ScholarDigital Library
- Alexander De Luca and Janne Lindqvist. 2015. Is secure and usable smartphone authentication asking too much? Computer 48, 5 (May 2015), 64--68. DOI:http://dx.doi.org/doi:10.1109/MC.2015.134Google Scholar
- Bryan Dosono, Jordan Hayes, and Yang Wang. 2015. "I'm Stuck!": A Contextual Inquiry of People with Visual Impairments in Authentication. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). USENIX Association, Ottawa, 151--168. https://www.usenix.org/conference/soups2015/proceedings/presentation/dosonoGoogle Scholar
- Maarten Everts, Jaap-Henk Hoepman, and Johanneke Siljee. 2013. UbiKiMa: Ubiquitous Authentication Using a Smartphone, Migrating from Passwords to Strong Cryptography. In Proceedings of the 2013 ACM Workshop on Digital Identity Management (DIM '13). ACM, New York, NY, USA, 19--24. DOI:http://dx.doi.org/10.1145/2517881.2517885 Google ScholarDigital Library
- Shirley Gaw and Edward W Felten. 2006. Password Management Strategies for Online Accounts. In Proceedings of the Second Symposium on Usable Privacy and Security (SOUPS '06). ACM, New York, NY, USA, 44--55. DOI:http://dx.doi.org/10.1145/1143120.1143127 Google ScholarDigital Library
- Eiji Hayashi and Jason I. Hong. 2015. Knock x Knock: The Design and Evaluation of a Unified Authentication Management System. In Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp '15). ACM, New York, NY, USA, 379--389. DOI:http://dx.doi.org/10.1145/2750858.2804279 Google ScholarDigital Library
- Markus Jakobsson, Elaine Shi, Philippe Golle, and Richard Chow. 2009. Implicit Authentication for Mobile Devices. In Proceedings of the 4th USENIX Conference on Hot Topics in Security (HotSec'09). USENIX Association, Berkeley, CA, USA, 9--9. http://dl.acm.org/citation.cfm?id=1855628.1855637 Google ScholarDigital Library
- Ambarish Karole, Nitesh Saxena, and Nicolas Christin. 2011. A Comparative Usability Evaluation of Traditional Password Managers. In Proceedings of the 13th International Conference on Information Security and Cryptology (ICISC'10). Springer-Verlag, Berlin, Heidelberg, 233--251. http://dl.acm.org/citation.cfm?id=2041036.2041056 Google ScholarDigital Library
- Patrick Langdon, John Clarkson, and Peter Robinson. 2008. Investigating the security-related challenges of blind users on the Web. In Designing Inclusive Futures, Patrick Langdon, John Clarkson, and Peter Robinson (Eds.). Springer, Cambridge, UK, Chapter 13, 129--138.Google Scholar
- LastPass. 2016. LastPass. http://lastpass.com/. (2016). Feb. 23, 2016.Google Scholar
- Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song. 2014. The Emperor's New Password Manager: Security Analysis of Web-based Password Managers. In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC 14). Berkeley, CA, USA, 465--479. http://dl.acm.org/citation.cfm?id=2671225.2671255 Google ScholarDigital Library
- Daniel McCarney. 2013. Password Managers: Comparative Evaluation, Design, Implementation and Empirical Analysis. Master's thesis. Carleton University, Ottawa, ON, Canada.Google Scholar
- Daniel McCarney, David Barrera, Jeremy Clark, Sonia Chiasson, and Paul C. van Oorschot. 2012. Tapas: Design, Implementation, and Usability Evaluation of a Password Manager. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12). ACM, New York, NY, USA, 89--98. DOI:http://dx.doi.org/10.1145/2420950.2420964 Google ScholarDigital Library
- Emma Murphy, Ravi Kuber, Graham McAllister, Philip Strain, and Wai Yu. 2008. An Empirical Investigation into the Difficulties Experienced by Visually Impaired Internet Users. Univers. Access Inf. Soc. 7, 1 (March 2008), 79--91. DOI:http://dx.doi.org/10.1007/s10209-007-0098-4 Google ScholarDigital Library
- David Silver, Suman Jana, Dan Boneh, Eric Chen, and Collin Jackson. 2014. Password Managers: Attacks and Defenses. In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC 14). USENIX Association, Berkeley, CA, USA, 449--464. http://dl.acm.org/citation.cfm?id=2671225.2671254 Google ScholarDigital Library
- Boris Smus. 2016. Ultrasonic Networking. https://github.com/borismus/sonicnet.js. (2016). Mar. 30, 2016.Google Scholar
- Jacob O. Wobbrock, Shaun K. Kane, Krzysztof Z. Gajos, Susumu Harada, and Jon Froehlich. 2011. Ability-Based Design: Concept, Principles and Examples. ACM Trans. Access. Comput. 3, 3, Article 9 (April 2011), 27 pages. DOI:http://dx.doi.org/10.1145/1952383.1952384 Google ScholarDigital Library
- Rui Zhao and Chuan Yue. 2013. All Your Browser-saved Passwords Could Belong to Us: A Security Analysis and a Cloud-based New Design. In Proceedings of the Third ACM Conference on Data and Application Security and Privacy (CODASPY '13). ACM, New York, NY, USA, 333--340. DOI:http://dx.doi.org/10.1145/2435349.2435397 Google ScholarDigital Library
Index Terms
- UniPass: design and evaluation of a smart device-based password manager for visually impaired users
Recommendations
What Makes Videos Accessible to Blind and Visually Impaired People?
CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing SystemsUser-generated videos are an increasingly important source of information online, yet most online videos are inaccessible to blind and visually impaired (BVI) people. To find videos that are accessible, or understandable without additional description ...
Exploring the Opportunities and Challenges with Exercise Technologies for People who are Blind or Low-Vision
ASSETS '15: Proceedings of the 17th International ACM SIGACCESS Conference on Computers & AccessibilityPeople who are blind or low-vision may have a harder time participating in exercise due to inaccessibility or lack of experience. We employed Value Sensitive Design (VSD) to explore the potential of technology to enhance exercise for people who are ...
User centered inclusive design process: a 'situationally-induced impairments and disabilities' perspective
HCI'13: Proceedings of the 15th international conference on Human-Computer Interaction: human-centred design approaches, methods, tools, and environments - Volume Part IMobile phones provide many functions to improve people's daily lives. However, there are some difficulties to apply the specialty of the mobile device on existing simple schematics of drawings and the approaches. Moreover, regarding handicapped people ...
Comments