One Button PIN: A Single Authentication Method for Blind and Low Vision Users

A Personal Identification Number (PIN) is a widely adopted authentication method used by smartphones, ATMs, etc. PINs offer strong security and can be reset when compromised (unlike biometric authentication). However, PINs can be inaccessible for blind or low vision (BLV) users due to screen readers voicing PINs to bystanders or potential shoulder surfing attack risks-bystanders could watch the PIN being entered without the user noticing. They interviewed legally blind users who relied on assistive technologies to interact with their smartphones. They were all aware and showed concern regarding security and privacy issues. In addition, they have concerns about being overhead due to the use of screen readers. Research has already explored several innovative alternatives and more accessible authentification methods for BLV users. One of the famous approaches is tactile or tangible methods. There are some other methods developed that are focused on BLV uses. In Contrast, their approach mainly focuses on presenting a single-button interface to the users so that a shoulder-surfing attacker would not be able to identify the digits during PIN code entry. They offer OneButtonPIN, an interface to improve PIN entry accessibility and security for BLV users. Here, a single on-screen button, when pressed and held, triggers a haptic vibration sequence. A digit is entered by counting the vibrations and releasing the button. We explored introducing random timings to the vibration sequence to increase security. A week-long evaluation with 9 BLV participants and a security study with ten sighted participants acting as shoulder surfers demonstrated OneButtonPIN's usability and resilience against eavesdropping. Their study indicated that the participants could use their method with relatively high accuracy (over 83%). Their study also reported that the BLT participants found that the OneButton-PIN method was perceived as accessible and with higher security.