By focusing more on user experience, eye-tracking systems could finally start to appeal to a wider audience. Though more secure than a password or a pin code, this technology still needs to gain acceptance.
Passwords are still the most widely used electronic authentication systems for protecting our bank accounts, email boxes and Facebook profiles. For some time now, technologies using fingerprints or face and eye recognition techniques have been making headway, but have not yet found wide appeal. Now a study on Perceptions of Interfaces for Eye Movement Biometrics carried out by three researchers at the University of Washington, Seattle, and Texas State University in the United States, shows that the reason for this disenchantment may simply be due to the fact that research carried out so far has not placed sufficient emphasis on the user experience. Referring to eye-tracking prototypes designed by the team, Michael Brooks, a doctoral student at the University of Washington, stresses that “it would have been difficult to design these prototypes without obtaining feedback from users early on.” To put their theories into practice, the researchers set up a practical test: simulating cash-withdrawals from an ATM.
Eye movements are unique to each person
For the experiment, the researchers developed an ATM-lookalike computer screen with eye-tracking technology. The technology uses infrared light which, when a user’s eye is following a dot or words on the computer screen, reflects off the surface of the eyeball back to the camera. When the people taking part in the study came to withdraw money, they were presented with three alternative types of user authentication: a standard four-number PIN; a target-based game that tracks a person’s gaze; and a reading exercise which follows how a user’s eyes move past each word. When interviewed afterwards, most of the guinea pigs said they do not trust the standard push-button PIN used in most ATMs, although they did like the speed it offers. Moreover, most assumed that the more advanced technologies would provide the best security. These new options could therefore serve as models for future versions.
Technology that can be used on every device
However the test also showed that when authentication failed – the research team deliberately caused a number of failures – the test participants tended to lose faith in the eye-tracking systems. This study clearly demonstrated that future eye-tracking technology needs to give clear error messages or directions on how users should proceed if their authentication fails. “The error messages we provided and the feedback we gave were really important for making it usable,” Michael Brooks underlined. In addition to experimenting on users, the study also set out to show that eye-tracking signatures can be used with inexpensive cameras instead of specialised eye-tracking hardware,” pointed out lead researcher Cecilia Aragon. The researchers plan to look next at developing similar eye-tracking authentication for other systems that use basic cameras, such as desktop computers. A similar design could be used to log in or gain access to a secure website. “This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it need to be efficient and accurate, but also something that people trust,” underlined Cecilia Aragon.