Would you use eye-tracking instead of passwords?

July 18, 2013

The prototype was built to simulate an ATM screen. In this scenario, users followed the highlighted dots with their eyes and the technology tracked their unique eye movements (credit: Michael Brooks/University of Washington)

Biometric authentication technology systems for fingerprint, eye, and face recognition have failed to go mainstream to replace the unreliable password system.

University of Washington engineers are trying to figure out why. They found in a recent study, funded by the National Institute of Standards and Technology, that one of the reasons face- and eye-recognition systems haven’t taken off is because the user’s experience often isn’t factored into the design, said lead researcher Cecilia Aragon, a UW associate professor of human centered design and engineering.

To explore this problem, her team, in collaboration with Oleg Komogortsev at Texas State University, developed a new biometric authentication technique that identifies people based on their eye movements.

Eye-tracking technology uses infrared light and just about any camera. The light reflects off the surface of the eyeball back to the camera when a user’s eye is following a dot or words on the computer screen. The tracking device picks up the unique way each person’s eye moves.

“The goal: enable inexpensive cameras instead of specialized eye-tracking hardware,” Aragon said. “This system can be used by basically any technology that has a camera, even a low-quality webcam.”

But does would users trust it?

An eye-tracking experiment

Researchers developed this prototype to test eye-tracking authentication. The monitor shows a welcome screen and the eye tracker is positioned below. (Credit: Michael Brooks/University of Washington)

In the study, users simulated withdrawing money from an ATM. The prototype — an ATM-lookalike computer screen with eye-tracking technology — presented three separate types of authentication: a standard four-number PIN, a target-based game that tracks a person’s gaze, and a reading exercise that follows how a user’s eyes move past each word.

With each, researchers measured how long it took and how often the system had to recalibrate.

The UW research team chose the ATM scenario because it’s familiar to most people and many machines already have a basic security camera installed.

When interviewed afterward, most of the study subjects said they don’t trust the standard push-button PIN used in most ATMs, and most assumed that the more advanced technologies would offer the best security.

But when authentication failed — the research team deliberately caused it to not recognize users during one trial — they lost faith in the eye-tracking systems.

This study showed that future eye-tracking technology should give clear error messages or directions on how users should proceed if they get off track.

The standard PIN authentication won for its speed and user-friendliness, but the target-based game also scored high among users and didn’t take as long as the reading exercise, said Michael Brooks, a UW doctoral student in human centered design and engineering. “This game-like option could be a model for future versions.”

The researchers plan to look next at developing similar eye-tracking authentication for other systems that use basic cameras such as desktop computers. A similar design could be used to log in or gain access to a secure website.

If we want to experiment and promote eye-tracking tech, I’d suggest working with trend-setters, who bypass formal studies and adapt new technology because it’s cool. Look into eye-tracking with Leap Motion (which begins shipping pre-orders of the $79.99 Leap Motion Controller this week), or Kinect, or the new prototype ultrabook from Tobii and Synaptics — and of course, Google Glass. — Editor