SMS
RSS feeds
Reddit
NewsvineATM customers fearful of “shoulder surfers,” low-tech criminals known for stealing PIN codes by lurking behind users, may no longer have to worry about finding emptied bank accounts after they fail to shield the keypad. A new technology from Stanford researchers can ensure that your PIN code is for your eyes only.
The program, called EyePassword, lets ATM customers use their gaze to type in passwords. An invisible infrared beam tracks users’ pupils as they stare at letters in an on-screen keyboard.
EyePassword gained recent media attention when it was featured in the Sept. 17 issue of Business Week. Manu Kumar M.S. ‘05, Ph.D. ‘07, lead researcher on the project, described it as an “initial foray” into using eye gaze tracking for security applications.
The technology addresses a serious security concern with conventional PIN-punching at the ATM. Unlike finger typing, eye movement is tough to track, effectively protecting ATM customers from shoulder surfers.
Other alternatives to conventional keyboard password entry include biometric strategies, such as retinal scanning and fingerprint identification. While such technologies have a satisfyingly futuristic feel, Kumar explained that they have one main disadvantage.
“While it’s easy to change your password, it’s obviously not so easy to change your fingerprint or retinal scan,” he wrote in an email to The Daily.
ATM users can change their passwords more easily than they can change their fingerprints. Unlike fingertips, passwords set up using EyePassword can be changed at will.
Kumar’s team tested EyePassword with 18 subjects in order to compare error rates in password entry and the time it took to enter those passwords. While error rates with EyePassword and conventional keyboards were similar, the gaze tracking technology took between seven and 10 seconds longer than conventional PIN entry.
Despite the extra time, over 80 percent of the test subjects said they preferred EyePassword to conventional password entry methods.
Unfortunately, the technology will not be seen at the corner ATM anytime soon.
“Eyetrackers currently cost a lot,” Kumar said.
A $25,000 price tag on the devices means that widespread adoption is not yet practical. But Kumar said he hopes this will change.
“It is our hope that, in the future, these devices can be built very inexpensively,” he said, “so that they can be part of every laptop and desktop.”
For people worried about protecting their money from shoulder surfers, that day cannot come soon enough.
Contact Shelby Martin at samartin@stanford.edu.