Identifying people by eye movements a potential replacement for passwords

Passwords, currently the most ubiquitous authentication mechanism in general-purpose applications, can be hard to remember and easy to steal. Biometric authentication—identification through a person's distinctive physical or behavioral characteristics—offers a more convenient alternative that requires no memorization. However, biometric systems have failed to gain widespread adoption, in part due to usability and cultural acceptability issues.¹

The ways in which a person's eyes move are, to some extent, unique. In the past few years, biometric authentication based on eye movement has emerged as an active area of research and development, giving rise to promising new algorithms and techniques with ever increasing performance.^{2, 3} We conducted a study on how potential users of such a system perceive its usability, security, and overall desirability.⁴ The aim of this work is to provide a human-centered perspective early in the development of this technology, leading to more user-friendly, socially acceptable authentication systems in the future.

Several distinct technical approaches to biometric authentication through eye movement characteristics have been proposed in the past few years, with varying levels of performance. All involve the use of an eye tracker, a device that uses reflection of IR light to measure the direction of a person's gaze many times per second. The person being identified gazes at some changing visual stimulus on a computer screen, while the eye tracker observes the movement of his or her eyes. The exact nature of the stimulus and the algorithm (that reduces the raw gaze observations to a biometric ‘template’ that can be matched against a database of authorized individuals) are both subjects of ongoing research.

We developed a series of high-fidelity prototypes of user interfaces for authenticating people at an automated teller machine (ATM). Because the underlying algorithms for recognizing users are still rapidly evolving, we focused on the design of the user interface, simulating the authentication mechanism. The system's decision to recognize or deny the user was determined ahead of time. The key difference between the designs tested was the visual stimulus shown on the screen while the eye tracker captured the user's eye movement data. One prototype used an array of stationary targets that users activated in sequence (see Figure 1), using their gaze, while another displayed a passage of text that users were required to read. For comparison, we also constructed a traditional authentication prototype using a personal identification number (PIN), the ATM analog of a password.

Figure 1. Users activate each circle using their gaze, while the eye tracker records eye movement data for authentication.

We recruited a group of 22 people to participate in a lab study where they were asked to authenticate several times with each of the prototype designs (see Figure 2). Participants were not aware that the acceptance or rejection of their biometric signature was predetermined, believing it to be a fully working system. We recorded the time taken to authenticate and any problems encountered, such as poor eye tracking accuracy. We also asked participants to rate and comment on the usability and security of each system tested. Their comments revealed an expectation that biometric authentication can provide stronger security than PINs, both because PINs can be stolen easily and reused, and because biometric technology is perceived as newer and more sophisticated. Between the two eye movement designs we tested, there were subtle differences in the level of security the participants perceived. Some believed that the reading-based design would capture more personally unique, identifiable features than the target-activation interface, making it more resilient to certain kinds of attacks. On the other hand, others felt that patterns of eye movement during a general activity like reading would be easier for a malicious third party to capture.

Figure 2. The eye tracker is positioned beneath the display in this automated teller machine authentication interface running on a computer.

As for usability, the targeting design was usually preferred over reading because of its game-like quality of interaction, requiring little attentiveness. (The text took longer to read and was difficult to process for some participants.) However, overshadowing these findings was the fact that eye trackers still must be calibrated to the user's eyes before each session, which adds 10–20 seconds of overhead to the authentication process. This barrier must be overcome in order for eye movement biometrics to achieve the speed and convenience of PIN- or password-based authentication.

Human-centered design that is principally guided by the needs and constraints of humans and social systems has played a relatively small role in the field of biometric systems research and development. That field has historically been driven by objective technology-centered metrics such as statistical accuracy and security of identification algorithms and sensors. We took a first look at how people might interact with a biometric authentication system based on unique eye movement characteristics.

Our findings demonstrate the effect that user interface design can have on usability and perceived security, both of which are critically important to the ultimate success or failure of a security system outside of the lab.^{5, 6} We hope that this work inspires further human-centered investigations of biometric security systems, and a greater appreciation of the human and social context in which security systems operate. In addition to research on the fundamental privacy and cultural acceptability issues related to biometric authentication, future work will ask how specific design choices influence the desirability of biometric authentication systems.

This research was supported by the National Institute of Standards and Technology under grant 60NANB10D213. We thank the Laboratory for Usability Testing and Evaluation at the University of Washington for equipment.