Investigating the Third Dimension for Authentication in Immersive Virtual Reality and in the Real World

Ceenu George, Mohamed Khamis, Daniel Buschek, Heinrich Hussmann
2019 2019 IEEE Conference on Virtual Reality and 3D User Interfaces (VR)  
A B C Real world object Figure 1: We study how the third dimension can be leveraged to improve the usability and security of authentication. (A) shows the sample real world room used for the study. (B) is a replica of the real world room. This screenshot depicts a view of the virtual scene from the view-point of the user during authentication process. When more than one object is selected, a blue connecting line appears. (C) is the view from the real world during user authentication in the
more » ... al scene with a HMD, namely the HTC Vive [22]. ABSTRACT Immersive Virtual Reality (IVR) is a growing 3D environment, where social and commercial applications will require user authentication. Similarly, smart homes in the real world (RW), offer an opportunity to authenticate in the third dimension. For both environments, there is a gap in understanding which elements of the third dimension can be leveraged to improve usability and security of authentication. In particular, investigating transferability of findings between these environments would help towards understanding how rapid prototyping of authentication concepts can be achieved in this context. We identify key elements from prior research that are promising for authentication in the third dimension. Based on these, we propose a concept in which users' authenticate by selecting a series of 3D objects in a room using a pointer. We created a virtual 3D replica of a real world room, which we leverage to evaluate and compare the factors that impact the usability and security of authentication in IVR and RW. In particular, we investigate the influence of randomized user and object positions, in a series of user studies (N=48). We also evaluate shoulder surfing by real world bystanders for IVR (N=75). Our results show that 3D passwords within our concept are resistant against shoulder surfing attacks. Interactions are faster in RW compared to IVR, yet workload is comparable.
doi:10.1109/vr.2019.8797862 dblp:conf/vr/GeorgeKBH19 fatcat:vksc3g6aibhk3e4gwyyxzkjvu4