{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T16:05:39Z","timestamp":1762272339035,"version":"3.41.0"},"reference-count":61,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2018,12,27]],"date-time":"2018-12-27T00:00:00Z","timestamp":1545868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Interact. Mob. Wearable Ubiquitous Technol."],"published-print":{"date-parts":[[2018,12,27]]},"abstract":"<jats:p>Secure authentication on situated displays (e.g., to access sensitive information or to make purchases) is becoming increasingly important. A promising approach to resist shoulder surfing attacks is to employ cues that users respond to while authenticating; this overwhelms observers by requiring them to observe both the cue itself as well as users' response to the cue. Although previous work proposed a variety of modalities, such as gaze and mid-air gestures, to further improve security, an understanding of how they compare with regard to usability and security is still missing as of today. In this paper, we rigorously compare modalities for cue-based authentication on situated displays. In particular, we provide the first comparison between touch, mid-air gestures, and calibration-free gaze using a state-of-the-art authentication concept. In two in-depth user studies (N=20, N=17) we found that the choice of touch or gaze presents a clear tradeoff between usability and security. For example, while gaze input is more secure, it is also more demanding and requires longer authentication times. Mid-air gestures are slightly slower and more secure than touch but users hesitate to use them in public. We conclude with three significant design implications for authentication using touch, mid-air gestures, and gaze and discuss how the choice of modality creates opportunities and challenges for improved authentication in public.<\/jats:p>","DOI":"10.1145\/3287052","type":"journal-article","created":{"date-parts":[[2018,12,27]],"date-time":"2018-12-27T19:28:03Z","timestamp":1545938883000},"page":"1-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":45,"title":["CueAuth"],"prefix":"10.1145","volume":"2","author":[{"given":"Mohamed","family":"Khamis","sequence":"first","affiliation":[{"name":"University of Glasgow, Glasgow, United Kingdom, LMU Munich, Munich, Germany"}]},{"given":"Ludwig","family":"Trotter","sequence":"additional","affiliation":[{"name":"Lancaster University, United Kingdom, LMU Munich, Munich, Germany"}]},{"given":"Ville","family":"M\u00e4kel\u00e4","sequence":"additional","affiliation":[{"name":"University of Tampere, Tampere, Finland"}]},{"given":"Emanuel von","family":"Zezschwitz","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Jens","family":"Le","sequence":"additional","affiliation":[{"name":"LMU Munich, Munich, Germany"}]},{"given":"Andreas","family":"Bulling","sequence":"additional","affiliation":[{"name":"University of Stuttgart, Stuttgart, Germany"}]},{"given":"Florian","family":"Alt","sequence":"additional","affiliation":[{"name":"Bundeswehr University Munich, Germany, LMU Munich, Munich, Germany, University of Applied Sciences Munich, Germany"}]}],"member":"320","published-online":{"date-parts":[[2018,12,27]]},"reference":[{"key":"e_1_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025461"},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2858036.2858427"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307798.2307815"},{"key":"e_1_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2682623"},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2832919"},{"key":"e_1_2_2_6_1","volume-title":"Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT' 10)","author":"Aviv Adam J.","year":"1925","unstructured":"Adam J. Aviv , Katherine Gibson , Evan Mossop , Matt Blaze , and Jonathan M. Smith . 2010. Smudge Attacks on Smartphone Touch Screens . In Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT' 10) . USENIX Association, Berkeley, CA, USA, 1--7. http:\/\/dl.acm.org\/citation.cfm?id= 1925 004.1925009 Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge Attacks on Smartphone Touch Screens. In Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT' 10). USENIX Association, Berkeley, CA, USA, 1--7. http:\/\/dl.acm.org\/citation.cfm?id=1925004.1925009"},{"key":"e_1_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274702"},{"key":"e_1_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1935701.1935815"},{"key":"e_1_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753488"},{"key":"e_1_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.intcom.2012.06.005"},{"volume-title":"Proc. INTERACT '03","author":"Brignull Harry","key":"e_1_2_2_11_1","unstructured":"Harry Brignull and Yvonne Rogers . Enticing people to interact with large public displays in public spaces . In Proc. INTERACT '03 . 17--24. Harry Brignull and Yvonne Rogers. Enticing people to interact with large public displays in public spaces. In Proc. INTERACT '03. 17--24."},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2207676.2208712"},{"key":"e_1_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818346.2820752"},{"key":"e_1_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.16910\/jemr.7.4.1"},{"key":"e_1_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557287"},{"key":"e_1_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572542"},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2207676.2208544"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1518701.1518840"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660273"},{"key":"e_1_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025636"},{"key":"e_1_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753491"},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2225048"},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2017.23028"},{"key":"e_1_2_2_24_1","volume-title":"Namey","author":"Guest Greg","year":"2012","unstructured":"Greg Guest , Kathleen M. MacQueen , and Emily E . Namey . 2012 . Applied Thematic Analysis . (2012). Greg Guest, Kathleen M. MacQueen, and Emily E. Namey. 2012. Applied Thematic Analysis. (2012)."},{"key":"e_1_2_2_25_1","volume-title":"Application of Multi factor authentication in Internet of Things domain. CoRR abs\/1506.03753","author":"Gupta Udit","year":"2015","unstructured":"Udit Gupta . 2015. Application of Multi factor authentication in Internet of Things domain. CoRR abs\/1506.03753 ( 2015 ). arXiv:1506.03753 http:\/\/arxiv.org\/abs\/1506.03753 Udit Gupta. 2015. Application of Multi factor authentication in Internet of Things domain. CoRR abs\/1506.03753 (2015). arXiv:1506.03753 http:\/\/arxiv.org\/abs\/1506.03753"},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557043"},{"key":"e_1_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2611009.2611026"},{"key":"e_1_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-22698-9_31"},{"key":"e_1_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03655-2_66"},{"key":"e_1_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2851581.2892314"},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3152832.3152851"},{"key":"e_1_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173861"},{"key":"e_1_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3078810.3078815"},{"key":"e_1_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3136755.3136809"},{"key":"e_1_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2971648.2971679"},{"key":"e_1_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3012709.3012743"},{"key":"e_1_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753489"},{"key":"e_1_2_2_38_1","volume-title":"Use the Force: Evaluating Force-Sensitive Authentication for Mobile Devices. In Twelfth Symposium on Usable Privacy and Security (SOUPS '2016)","author":"Krombholz Katharina","year":"2016","unstructured":"Katharina Krombholz , Thomas Hupperich , and Thorsten Holz . 2016 . Use the Force: Evaluating Force-Sensitive Authentication for Mobile Devices. In Twelfth Symposium on Usable Privacy and Security (SOUPS '2016) . USENIX Association, Denver, CO, 207--219. https:\/\/www.usenix.org\/conference\/soups 2016\/technical-sessions\/presentation\/krombholz Katharina Krombholz, Thomas Hupperich, and Thorsten Holz. 2016. Use the Force: Evaluating Force-Sensitive Authentication for Mobile Devices. In Twelfth Symposium on Usable Privacy and Security (SOUPS '2016). USENIX Association, Denver, CO, 207--219. https:\/\/www.usenix.org\/conference\/soups2016\/technical-sessions\/presentation\/krombholz"},{"key":"e_1_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280683"},{"key":"e_1_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2677972.2677998"},{"key":"e_1_2_2_41_1","volume-title":"Retrieving Content from Large Displays Using Mid-Air Gestures","author":"M\u00e4kel\u00e4 Ville","year":"2017","unstructured":"Ville M\u00e4kel\u00e4 , Jobin James , Tuuli Keskinen , Jaakko Hakulinen , and Markku Turunen . 2017. \" It's Natural to Grab and Pull\" : Retrieving Content from Large Displays Using Mid-Air Gestures . IEEE Pervasive Computing 16, 3 ( 2017 ). Ville M\u00e4kel\u00e4, Jobin James, Tuuli Keskinen, Jaakko Hakulinen, and Markku Turunen. 2017. \"It's Natural to Grab and Pull\": Retrieving Content from Large Displays Using Mid-Air Gestures. IEEE Pervasive Computing 16, 3 (2017)."},{"key":"e_1_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173709"},{"key":"e_1_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1080\/10572252.2015.975966"},{"key":"e_1_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2207676.2207718"},{"key":"e_1_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029632.1029658"},{"key":"e_1_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501988.2501998"},{"key":"e_1_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3027063.3053070"},{"key":"e_1_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030116"},{"key":"e_1_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2494091.2494163"},{"key":"e_1_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/365024.365349"},{"key":"e_1_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/332040.332445"},{"key":"e_1_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978311"},{"key":"e_1_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2016.7524367"},{"key":"e_1_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2984511.2984536"},{"key":"e_1_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2493432.2493477"},{"key":"e_1_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702212"},{"key":"e_1_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2470654.2470774"},{"key":"e_1_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2628363.2628368"},{"key":"e_1_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1463160.1463202"},{"key":"e_1_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2935334.2935388"},{"key":"e_1_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3230740"}],"container-title":["Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3287052","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3287052","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:02:08Z","timestamp":1750208528000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3287052"}},"subtitle":["Comparing Touch, Mid-Air Gestures, and Gaze for Cue-based Authentication on Situated Displays"],"short-title":[],"issued":{"date-parts":[[2018,12,27]]},"references-count":61,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2018,12,27]]}},"alternative-id":["10.1145\/3287052"],"URL":"https:\/\/doi.org\/10.1145\/3287052","relation":{},"ISSN":["2474-9567"],"issn-type":[{"type":"electronic","value":"2474-9567"}],"subject":[],"published":{"date-parts":[[2018,12,27]]},"assertion":[{"value":"2018-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-10-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-12-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}