Abstract
With computers being used ever more ubiquitously in situations where
privacy is important, secure user authentication is a central requirement.
Gaze-based graphical passwords are a particularly promising means
for shoulder-surfing-resistant authentication, but selecting secure
passwords remains challenging. In this paper, we present a novel
gaze-based authentication scheme that makes use of cued-recall graphical
passwords on a single image. In order to increase password security,
our approach uses a computational model of visual attention to mask
those areas of the image that are most likely to attract visual attention.
We create a realistic threat model for attacks that may occur in
public settings, such as filming the user's interaction
while drawing money from an ATM. Based on a 12-participant user study,
we show that our approach is significantly more secure than a standard
image-based authentication and gaze-based 4-digit PIN entry.