Designing Non-Observable Passwords

19 03 2013

It is said that a system is only as secure as its weakest link.  It probably comes as little surprise that human beings are often cited as the weakest link when it comes to information security — often undermining system security by keeping PIN codes in their wallets or even taping a password right onto a monitor.  Criminals in search of personal information need only target the user to find what they need.

But an even bigger vulnerability is that, for criminals in search of this information, the easiest way to gain access to a system is often simply to watch as users enter their passwords or PINs directly into the system’s user interface (3).

To address this growing issue, password and PIN creation has had to evolve in response to increasing security violations. Because criminals were able to obtain passwords, system designers were forced to implement more stringent rules.  For instance, PINs, which are usually 4 digits, were in some cases forced to be 6 or even 8 digits long.  Passwords now have rules such as needing to be 8 characters long and include a symbol, a number, and a capital letter.

But the real question is this: no matter how long or complex our PINs or passwords are, if a criminal can actually see the information being entered on a keypad or screen, how effective can that password really be?  Yearly losses due to this vulnerability have been said to be nearly $60 million in the US (1).

This is the fundamental problem with visual passwords today: they are too easy to observe.  But researchers have been trying to solve this problem by developing unobservable password and PIN input techniques.  This post will quickly summarize and discuss a few of the current research projects in this area and the inherent advantages and limitations of each.

Integrating an Unobservable Process with the Traditional Process

VibraPass is a system that was created to work in conjunction with current ATMs (1).  It is unique in that it adds a second layer of protection to the ATM by leveraging the user’s mobile phone.  The user connects their smartphone to the ATM terminal, and each time the phone vibrates, the user knows that the next digit entered should be a “lie”.  A person trying to observe the input would be confused and unable to decipher the real password.

The concept behind this system is effective and, most importantly, user-friendly, as it builds upon the current easy-to-use PIN process.  The downside, however, which the VibraPass authors admit, is that repeated observation by a criminal would eventually give away the pattern and allow them to discern the real password.  “The main weakness of VibraPass is that repeated observations can lead to successful attacks by analyzing the differences between inputs. The highest success rate for an attack can be assumed if the lie overhead is known by the attacker.” (3)

Looking at the security results for VibraPass, we learn that 1 in 10,000 or fewer were able to observe the password, and that it was particularly weak against two or more observations (1).
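To make the shared-lie mechanism and its stated weakness concrete, here is an added Python model, not code from the VibraPass authors or from this post: the terminal picks the lie positions, the user types throw-away digits there, the terminal discards them, and consistent_pins measures how many PINs an observer who cannot see the vibrations still has to consider after one or more observations. The 4-digit PIN, the lie overhead of two and all function names are constructed assumptions.

```python
import hmac
import random
import string
from itertools import product

# Constructed parameters, not from the VibraPass paper: a 4-digit PIN with
# two "lie" digits (the lie overhead) inserted on every entry.
PIN_LEN = 4
LIE_OVERHEAD = 2


def make_lie_pattern(rng, pin_len=PIN_LEN, lie_overhead=LIE_OVERHEAD):
    """Terminal side: pick the keystroke positions at which the phone vibrates.
    The terminal chooses them, so it knows which typed digits to discard later.
    A real deployment would draw them from random.SystemRandom()."""
    return sorted(rng.sample(range(pin_len + lie_overhead), lie_overhead))

def type_with_lies(pin, lie_positions, rng):
    """User side: the keystroke sequence a shoulder-surfer sees. At each vibrated
    position the user types a throw-away digit; the rest is the real PIN in order."""
    real = iter(pin)
    return "".join(rng.choice(string.digits) if i in lie_positions else next(real)
                   for i in range(len(pin) + len(lie_positions)))

def verify(typed, lie_positions, stored_pin):
    """Terminal side: drop the positions it marked as lies and compare the rest."""
    kept = "".join(d for i, d in enumerate(typed) if i not in lie_positions)
    return hmac.compare_digest(kept, stored_pin)

def _is_subsequence(pin, typed):
    it = iter(typed)
    return all(d in it for d in pin)

def consistent_pins(observations, pin_len=PIN_LEN):
    """Risk measurement: every PIN that could have produced *all* observed
    keystroke sequences, for an observer who cannot see the vibrations. Each
    further observation of the same PIN shrinks this set (the stated weakness)."""
    all_pins = ("".join(t) for t in product(string.digits, repeat=pin_len))
    return {p for p in all_pins if all(_is_subsequence(p, o) for o in observations)}

def simulate(pin, n_sessions, seed):
    """Constructed demo: the same PIN entered n_sessions times with fresh lie
    patterns. Returns a list of (typed sequence, lie positions) pairs."""
    rng = random.Random(seed)  # seeded only so the demo repeats exactly
    out = []
    for _ in range(n_sessions):
        lies = make_lie_pattern(rng)
        out.append((type_with_lies(pin, lies, rng), lies))
    return out
```

Calling consistent_pins on the typed sequences from simulate("4921", 3, 2013), first one at a time and then all together, shows the candidate set collapsing with each extra observation.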

Combining Audio and Sensory Perceptions into Password Creation

Spinlock is a password application developed for touchscreen mobile devices.  It combines several cognitive functions to create a secure, unobservable password process (1).


Figure 1: A design view of the Spinlock application (2)

Figure 1 above shows the basic design of the application and how the settings work. Spinlock works in much the same way as a physical dial lock, with incremental numbers and audio or haptic cues.  The user goes to their settings and selects a random combination as the password.  Then they select the circle, spin it in the correct direction, and begin to count.  Unlike a physical lock, where turning three to the right lands on a designated position on the dial, Spinlock provides completely randomly spaced auditory or haptic cues to notify the user each time they have moved one “space”.  This makes it difficult for an observer to work out how many positions the user has moved on the lock (2).

One disadvantage of this system is that the randomization of the sensory cues can confuse the users themselves, leading to higher input error rates than traditional PIN or password entry. “Also, the majority of errors (78%) involved entering digits one higher or lower than the target item. Comments by participants provided a feasible explanation for this; several spontaneously remarked that the randomly distributed nature of the cues made predicting the location of the final target challenging. In particular, several mentioned that unintentionally overshooting the target item was the most frustrating aspect of the experiment.” (2)
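To illustrate the randomly spaced cues and the overshoot error described above, here is an added Python simulation that is not the Spinlock authors’ code: the device draws cue angles afresh for every entry, the user stops after counting the target number of cues, the device decodes the count from the stopping angle, and observer_guess shows how little the visible angle alone reveals. The 20 to 70 degree cue spacing and all names are constructed assumptions.

```python
import math
import random

# Constructed parameters, not from the Spinlock paper: a cue fires after a
# random further rotation of 20 to 70 degrees, so N cues never cover a fixed arc.
MIN_STEP_DEG = 20.0
MAX_STEP_DEG = 70.0


def draw_cues(rng, n_cues):
    """Device side: dial angles at which the next n_cues haptic/audio cues fire.
    Redrawn for every entry; a real device would use random.SystemRandom()."""
    angles, pos = [], 0.0
    for _ in range(n_cues):
        pos += rng.uniform(MIN_STEP_DEG, MAX_STEP_DEG)
        angles.append(pos)
    return angles

def enter_count(target, cues, overshoot_deg=0.0):
    """User side: rotate until `target` cues have been felt, then stop. Returns
    the visible rotation, which is all a shoulder-surfer gets to see.
    overshoot_deg models the 'one too far' error the study reports."""
    return cues[target - 1] + overshoot_deg

def decode_count(rotation, cues):
    """Device side: the entered digit is simply how many cues fired before the stop."""
    return sum(1 for a in cues if a <= rotation)

def observer_guess(rotation):
    """What the visible angle alone tells an observer: only a range of counts,
    because consecutive cues are anywhere from MIN_STEP_DEG to MAX_STEP_DEG apart."""
    return math.ceil(rotation / MAX_STEP_DEG), math.floor(rotation / MIN_STEP_DEG)

def session(pin_counts, seed, overshoot_deg=0.0):
    """Constructed demo: enter a whole PIN given as cue counts, e.g. [3, 5, 2].
    Returns (counts the device decoded, rotations an observer saw)."""
    rng = random.Random(seed)  # seeded only so the demo repeats exactly
    decoded, visible = [], []
    for target in pin_counts:
        cues = draw_cues(rng, target + 1)  # one extra cue lies past the target
        rot = enter_count(target, cues, overshoot_deg)
        visible.append(rot)
        decoded.append(decode_count(rot, cues))
    return decoded, visible
```

Running session([3, 5, 2], seed) with two different seeds gives the same decoded PIN but different visible rotations, and passing an overshoot larger than MAX_STEP_DEG reproduces the “one higher than the target” error.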

Looking at the security results for Spinlock, we learn that 1 in 10,000 were able to observe the Spinlock password, and that multiple observations had no effect on this number (1).


From a user-experience perspective, the traditional, visual password and PIN system will probably have a higher level of input accuracy than an auditory or haptic-based system, and will also likely be faster and more efficient.  However, when we look at the security studies, it is clear that the non-visual password systems are much more effective against observation.

Additionally, I believe there is a level of comfort and familiarity between users and the long-known password and PIN system.  Use of auditory and haptic systems might be a little frustrating to understand and use in the beginning, but over time I feel that it will become a norm which people will learn to use.

Besides, if learning to get used to listening or feeling for my password is the alternative to having to memorize a 12-digit code that needs to have at least two capital letters, a symbol, three numbers and needs to be changed every 6 months, then I’m gladly open to learning something new.


  1. Bianchi, Andrea, Ian Oakley, and Dong-Soo Kwon. “Open Sesame: Design Guidelines for Invisible Passwords.” Computer, April 2012: 58-65. Print.
  2. Bianchi, Andrea, Ian Oakley, and Dong-Soo Kwon. “Spinlock: A Single-Cue Haptic and Audio PIN Input Technique for Authentication.” Springer-Verlag Berlin Heidelberg, 2011. Print.
  3. De Luca, Alexander, Emanuel von Zezschwitz, and Heinrich Hußmann. “VibraPass – Secure Authentication Based on Shared Lies.” Proc. Conf. Human Factors in Computing Systems (2009): 913-16. Print.



One response

25 03 2013
Kevin Reasor

Interesting post. I like the VibraPass solution leveraging shared lies triggered by vibration on your mobile phone. For any of these approaches you can determine faults, but I think this one would provide significant improvement.
