
PassChords: Secure Multi-Touch Authentication for Blind People

Shiri Azenkot, Kyle Rector, Richard Ladner, Jacob Wobbrock · 2012 · Proceedings of the 14th International ACM SIGACCESS Conference on Computers and Accessibility (ASSETS 2012) · doi:10.1145/2384916.2384945

Summary

This paper presents PassChords, a non-visual multi-touch authentication method for blind mobile device users that is resistant to both aural and visual eavesdropping. The research begins with interviews of 13 blind smartphone users (average age 51, range 26-64) that revealed alarming security gaps: not a single participant used optional authentication methods like the iPhone's Passcode Lock, despite storing sensitive information including email, banking, and social networking data. Most participants were unaware of or unconcerned about security threats. The fundamental problem is that VoiceOver speaks each key label as users enter passwords, creating a severe aural eavesdropping vulnerability — anyone nearby can hear the password being spoken aloud. Visual eavesdropping is also a concern for low-vision users who use magnification. PassChords work by having users tap a touch surface several times with one or more fingers simultaneously — the password is defined by which fingers are used in each tap, not by screen location. Users first calibrate by placing all four fingers on the screen to establish reference points, then enter their PassChord as a sequence of multi-finger taps. The system uses Maximum Likelihood detection based on Input Finger Detection to determine which fingers touched the screen. No audio or visual feedback is produced during entry.

Key findings

A study with 16 blind participants (8 male, 8 female, average age 51, range 27-61) compared PassChords to VoiceOver PIN entry on a Samsung Galaxy phone. PassChords were nearly three times faster: mean authentication time was 2.67 seconds (SD=0.72) versus 7.52 seconds (SD=2.40) for VoiceOverPIN (p<0.001). The longer VoiceOverPIN time was partly because users had to search for the correct key by moving their finger across the screen while listening to screen reader output. Failure rates were comparable and not significantly different (PassChords 16.3% vs. VoiceOverPIN 20.2%). Password recall was strong: 75% of participants (12/16) remembered their PassChord two days later, typically by memorizing the "feel" and associating fingers with numbers. Entropy analysis showed a 4-tap PassChord has first-order entropy of H≈12.6 bits, comparable to a 4-digit PIN's H≈12.7 bits. User-generated PassChords revealed strong preferences: the index finger was used in 66.5% of taps, while the pinky was used in only 14.6%. Users tended to create passwords with adjacent finger combinations and repeating patterns. Guidelines for stronger PassChords include using each finger at least once, varying between one-, two-, and three-finger taps, and using four or more taps.
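The guidelines and the effect of skewed finger choice can be checked mechanically. The sketch below is an added example, not code from the paper or this review: it tests a PassChord against the three guidelines and compares the uniform keyspace bound with an entropy estimate from observed taps. The finger names, the text notation, the reading of "varying" as at least two tap sizes, and the per-tap Shannon estimator are assumptions, and the sample PassChords are constructed.

```python
import math
from collections import Counter

# Assumed names for the four fingers placed on the screen during calibration.
FINGERS = ("index", "middle", "ring", "pinky")

def parse(passchord):
    """'index+middle, ring' -> [frozenset({'index','middle'}), frozenset({'ring'})]"""
    taps = [frozenset(f.strip() for f in tap.split("+")) for tap in passchord.split(",")]
    for tap in taps:
        if not tap <= set(FINGERS):
            raise ValueError(f"invalid tap: {sorted(tap)}")
    return taps

def guideline_violations(taps):
    """Return which of the three guidelines a PassChord fails (empty list = passes)."""
    problems = []
    if len(taps) < 4:
        problems.append("fewer than four taps")
    used = set().union(*taps)
    unused = [f for f in FINGERS if f not in used]
    if unused:
        problems.append("unused fingers: " + ", ".join(unused))
    # Interpretation (assumption): "varying" means at least two different tap sizes.
    if len({len(t) for t in taps}) < 2:
        problems.append("every tap uses the same number of fingers")
    return problems

def uniform_bits(n_taps):
    """Upper bound: every tap is an equally likely non-empty subset of 4 fingers (15)."""
    return n_taps * math.log2(2 ** len(FINGERS) - 1)

def first_order_bits(corpus, n_taps=4):
    """Shannon entropy of the observed per-tap chord frequencies, times n_taps."""
    counts = Counter(tap for taps in corpus for tap in taps)
    total = sum(counts.values())
    return n_taps * -sum(c / total * math.log2(c / total) for c in counts.values())

# Constructed sample PassChords, not data from the study.
SAMPLES = [parse(s) for s in (
    "index, index, index, index",
    "index+middle, index+middle, index, middle",
    "index, middle+ring, index+middle+pinky, ring",
)]

if __name__ == "__main__":
    for taps in SAMPLES:
        print(guideline_violations(taps) or "meets all three guidelines")
    print(f"uniform bound: {uniform_bits(4):.2f} bits; "
          f"sample estimate: {first_order_bits(SAMPLES):.2f} bits")
```

The gap between the two figures on the constructed samples shows why index-heavy, repetitive choices matter: the more users concentrate on a few chords, the further the effective entropy falls below the uniform bound.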

Relevance

This paper identifies and addresses a critical but underexplored intersection of accessibility and security. For accessibility practitioners, the key insight is that making authentication accessible is not just about enabling input — it must also address the unique security vulnerabilities that assistive technology creates. VoiceOver's practice of speaking password characters aloud fundamentally undermines security, yet no participant had stopped using it because there was no accessible alternative. The finding that zero out of 13 blind users employed device passwords — compared to roughly one-third of sighted users in other studies — represents a severe security disparity. PassChords demonstrates that accessible authentication can be both faster and more secure than adapted mainstream methods. The multi-touch chord approach is particularly elegant because it leverages proprioception (feeling which fingers are pressing) rather than visual or auditory feedback, making it inherently private. This work foreshadows the growing importance of accessible authentication as mobile devices increasingly mediate access to banking, health records, and other sensitive services.

Tags: accessible authentication · blind users · mobile security · touch screen · VoiceOver · eavesdropping · privacy · screen reader · iPhone · multi-touch