Awards Icon Best Paper Nomination at ASSETS 2018

People who are blind or have low vision can use smartphones thanks to their native accessibility features, such as screen readers and screen magnifiers. However, typing passwords while having those features turned on may expose users to attackers. Through an online survey, we investigated how people with vision impairment deal with passwords on mobile contexts and how they perceive different user authentication methods.

We collected data from 325 people with vision impairment from 12 countries and found accessibility issues on existing user authentication methods. Here are the highlights of the study:

  • Three quarters (75%) of those who own smartphones protect them with authentication methods.
  • Most participants felt able or very able to protect their digital information
  • The majority of respondents consider fingerprint to be the most secure and accessible user authentication method and PINs the least secure user authentication method.
  • Vision-impaired people have concerns with using passwords in public because of the risk of an attacker stealing passwords by looking over their shoulder.
  • Most behaviours and preferences were equal between participants who were blind and those with low vision, though blind people considered patterns and iris scans the least accessible methods, while people with low vision selected alphanumeric passwords and PINs.

This shows us a truly accessible solution for vision-impaired people should not require precise manipulation of visual items, the use of the users’ eyes or the use of keyboards with screen magnifiers.

Graph shows information of participants use and perceptions on 7 user authentication methods:
Fingerprint: used by 73% of participants, considered the most secure method by 57% and the most accessible by 62%. Selected as the least secure by 2% and the least accessible by 4%.
PIN: used by 16.4%% of participants, considered the most secure method by 7% and the most accessible by 18%. Selected as the least secure by 46% and the least accessible by 15%.
Alphanumeric: used by 4.9% of participants, considered the most secure method by 12% and the most accessible by 7%. Selected as the least secure by 4% and the least accessible by 19%.
Facial recognition: used by 1.8% of participants, considered the most secure method by 8% and the most accessible by 7%. Selected as the least secure by 5% and the least accessible by 11%.0
Pattern: used by 1.8% of participants, considered the most secure method by 2% and the most accessible by 1%. Selected as the least secure by 24% and the least accessible by 20%.
Iris scan: not used by participants, considered the most secure method by 6% and the most accessible by 1%. Selected as the least secure by 1% and the least accessible by 20%.
Voice recognition: not used by participants, considered the most secure method by 5% and the most accessible by 8%. Selected as the least secure by 14% and the least accessible by 6%.
Participants most used selections of most secure (green), most accessible (blue), least secure (red), and least accessible (yellow) user authentication methods.

Screen magnifier enlarging PIN numbers

People

Publications

conference

Understanding Authentication Method Use on Mobile Devices by People with Vision Impairment

Daniella Briotto Faustino, Audrey Girouard

ACM SIGACCESS Conference on Computers and Accessibility (ASSETS), 2018

poster

Understanding Password Use by People with Vision Impairment: Initial Results of a Survey

Daniella Briotto Faustino

ACM Student Research Competition, Grace Hopper Celebration, 2018