Project Report HSF Research Area 4 -Graphical Authentication on Augmented Reality

Authenticating at Augmented Reality head-mounted displays (HMD) usually requires users to select their (6 digit) PIN on the virtual PIN pad once they start using the AR glasses. Unfortunately, the PIN entry can easily be observed. Past research has proposed fully shoulder surfing-resistant authentication schemes and some of them have also been applied and evaluated in the AR context. We had a closer look at "Things", a recognition-based graphical password scheme and (a) identified several shortcomings both with the scheme as well as with the methodology of previous evaluations; and (b) noticed that due to the virtual screen in AR HMD, it is worth studying whether there are grid sizes that fit better for this context than others. Consequently, we performed a between-subject lab study (N=126) evaluating three different combinations of grid size and length of the secret.
We found that a grid of 10 images displayed in two rows showed small advantages but from the qualitative data, we conclude that the best overall usability can be reached by offering personal choice. Thus, users should be able to decide on their preferred grid size and length of secret.