Loading Events

« All Events

  • This event has passed.

“Your Eyes Tell You Have Used This Password Before”: Identifying Password Reuse from Gaze and Keystroke Dynamics

May 4 @ 16:30 16:45 UTC -05:00

A significant drawback of text passwords for end-user authentication is password reuse. We propose a novel approach to detect password reuse by leveraging gaze as well as typing behavior and study its accuracy. We collected gaze and typing behavior from 49 users while creating accounts for 1) a webmail client and 2) a news website. While most participants came up with a new password, 32% reported having reused an old password when setting up their accounts. We then compared different ML models to detect password reuse from the collected data. Our models achieve an accuracy of up to 87.7% in detecting password reuse from gaze, 75.8% accuracy from typing, and 88.75% when considering both types of behavior. We demonstrate that revised{using gaze, password} reuse can already be detected during the registration process, before users entered their password. Our work paves the road for developing novel interventions to prevent password reuse.


May 4
16:30 – 16:45 UTC -05:00
Event Category:
Event Tags:


Yasmeen Abdrabou (Bundeswehr University Munich and University of Glasgow), Johannes Schütte (Bundeswehr University Munich), Ahmed Shams (Fatura LLC Egypt), Ken Pfeuffer (Aarhus University and Bundeswehr University Munich), Daniel Buschek (University of Bayreuth), Mohamed Khamis (University of Glasgow), and Florian Alt (Bundeswehr University Munich )

Room: 288-289