Contemporary personal mobile devices support a variety of authentication approaches, featuring different levels of security and usability. With cameras embedded in smart glasses, seamless, hands-free mobile authentication based on gaze is possible. Gaze authentication relies on knowledge as a secret, and gaze passwords are composed from a series of gaze points or gaze gestures. This paper investigates the concept of free-form mobile gaze passwords. Instead of relying on gaze gestures or points, free-form gaze gestures exploit the trajectory of the gaze over time. We collect and investigate a set of 29 different free-form gaze passwords from 19 subjects. In addition, the practical security of the approach is investigated in a study with 6 attackers observing eye movements during password input to subsequently perform spoofing. Our investigation indicates that most free-form gaze passwords can be expressed as a set of common geometrical shapes. Further, our free-form gaze authentication yields a true positive rate of 81% and a false positive rate with other gaze passwords of 12%, while targeted observation and spoofing is successful in 17.5% of all cases. Our usability study reveals that further work on the usability of gaze input is required as subjects reported that they felt uncomfortable creating and performing free-form passwords.

  author = {Fristr\"om, Eira and Lius, Elias and Ulmanen, Niki and Hietala, Paavo and K\"arkk\"ainen, Pauliina and M\"akinen, Tommi and Sigg, Stephan and Findling, Rainhard Dieter},
  booktitle = {Proc. {MoMM} 2019: 17th International Conference on
  		  Advances in Mobile Computing and Multimedia},
  title = {Free-Form Gaze Passwords from Cameras Embedded in Smart
  year = {2019},
  month = dec,
  number = { {In print}},
  publisher = {ACM}