Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality

Virtual reality (VR) headsets are enabling a wide range of new opportunities for the user. For example, in the near future users may be able to visit virtual shopping malls and virtually join international conferences. These and many other scenarios pose new questions with regards to privacy and security, in particular authentication of users within the virtual environment. As a first step towards seamless VR authentication, this paper investigates the direct transfer of well-established concepts (PIN, Android unlock patterns) into VR. In a pilot study (N = 5) and a lab study (N = 25), we adapted existing mechanisms and evaluated their usability and security for VR. The results indicate that both PINs and patterns are well suited for authentication in VR. We found that the usability of both methods matched the performance known from the physical world. In addition, the private visual channel makes authentication harder to observe, indicating that authentication in VR using traditional concepts already achieves a good balance in the trade-off between usability and security. The paper contributes to a better understanding of authentication within VR environments, by providing the first investigation of established authentication methods within VR, and presents the base layer for the design of future authentication schemes, which are used in VR environments only

Understanding Shoulder Surfing in the Wild: Stories from Users and Observers

Research has brought forth a variety of authentication systems to mitigate observation attacks. However, there is little work about shoulder surfing situations in the real world. We present the results of a user survey (N=174) in which we investigate actual stories about shoulder surfing on mobile devices from both users and observers. Our analysis indicates that shoulder surfing mainly occurs in an opportunistic, non-malicious way. It usually does not have serious consequences, but evokes negative feelings for both parties, resulting in a variety of coping strategies. Observed data was personal in most cases and ranged from information about interests and hobbies to login data and intimate details about third persons and relationships. Thus, our work contributes evidence for shoulder surfing in the real world and informs implications for the design of privacy protection mechanisms

GTmoPass: Two-factor Authentication on Public Displays Using Gaze-touch Passwords and Personal Mobile Devices

As public displays continue to deliver increasingly private and personalized content, there is a need to ensure that only the legitimate users can access private information in sensitive contexts. While public displays can adopt similar authentication concepts like those used on public terminals (e.g., ATMs), authentication in public is subject to a number of risks. Namely, adversaries can uncover a user's password through (1) shoulder surfing, (2) thermal attacks, or (3) smudge attacks. To address this problem we propose GTmoPass, an authentication architecture that enables Multi-factor user authentication on public displays. The first factor is a knowledge-factor: we employ a shoulder-surfing resilient multimodal scheme that combines gaze and touch input for password entry. The second factor is a possession-factor: users utilize their personal mobile devices, on which they enter the password. Credentials are securely transmitted to a server via Bluetooth beacons. We describe the implementation of GTmoPass and report on an evaluation of its usability and security, which shows that although authentication using GTmoPass is slightly slower than traditional methods, it protects against the three aforementioned threats

Digital exclusion in later life : a Maltese case-study

Information and communication technologies (ICTs) are driving profound changes in the way in which individuals, organizations and governments interact. In particular, the internet has been a major force behind the development towards a more globalized, knowledge-based economy. However, in terms of computer access and internet usage, a digital divide between the ‘haves’ and the ‘have nots’ has long been recognized. One key sector of non-users consists of older persons. For various reasons – including no exposure to computers over their lifetime and in their occupations, income levels, physical disability and access to affordable ICT training – only limited percentages of older people have adequate ICT skills. A growing concern is that older adults who do not engage with ICTs face social disadvantages and exclusion. This article reports upon a qualitative study on older non-users of ICTs, with its key goal being to understand what leads to, and the effects of, digital exclusion in later life. Results found that older persons who never made use of ICTs were significantly delineated by gender and socio-economic status patterns - namely, women (especially housewives, who had never been in paid employment), individuals who worked in blue-collar and working-class occupations, and the long-term unemployed. Data also demonstrated that access was not the main issue at hand, and that the failure of older adults to become digital citizens was the result of a continuum of overlapping barriers. This study provided information highlighting the rationales and motivations underlying individuals’ non-use of computers - namely, believing that they were now ‘too old’ to use new technologies, a lack of relevance or ‘life-fit’ of computers, perceived non-usefulness and difficulty to use, anxiety about computer usage, concern about security and privacy issues, and the facing of disability issues.N/

ImpaCT2: pupils' and teachers' perceptions of ICT in the home, school and community

The Strand 2 report of the ImpaCT 2 research describes the results of applying a range of research methods to explore, how pupils use ICT, in particular out of school and what had been gained from this use. ImpaCT2 was a major longitudinal study (1999-2002) involving 60 schools in England, its aims were to: identify the impact of networked technologies on the school and out-of-school environment; determine whether or not this impact affected the educational attainment of pupils aged 8 - 16 years (at Key Stages 2, 3, and 4); and provide information that would assist in the formation of national, local and school policies on the deployment of ICT