Figure 1: We investigate how graphical filters impact the usability and security of text passwords on mobile devices compared to displaying them in plain text or asterisks. It is difficult to mentally reverse distortions, hence it is challenging for observers to know what the text passwords above are. At the same time, if a user knows that the leftmost word is Color-Halftone, they can easily map the word's letters to the distortions. This improves error correction, while maintaining observation resistance.
ABSTRACT
Entering text passwords on mobile devices is a significant challenge. Current systems either display passwords in plain text, making them visible to bystanders, or replace characters with asterisks shortly after they are typed, making them harder to edit. This work presents a novel approach to masking text passwords by distorting them using graphical filters. Distorted passwords are difficult for attackers to observe because they cannot mentally reverse the distortions. Yet passwords remain readable by their owners because humans can recognize visually distorted versions of content they saw before. We present results of an online questionnaire and a user study where we compared Color-halftone, Crystallize, Blurring, and Mosaic filters to Plain text and Asterisks when 1) entering, 2) editing, and 3) shoulder surfing one-word passwords, random character passwords, and passphrases. Rigorous analysis shows that Color-halftone and Crystallize filters significantly improve editing speed, editing accuracy and observation resistance compared to current approaches.
CCS CONCEPTS
• Security and privacy → Authentication; • Human-centered computing → Human computer interaction.