Aarhus University Seal

"Your Eyes Tell You Have Used This Password Before": Identifying Password Reuse from Gaze and Keystroke Dynamics

Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review


  • Yasmeen Abdrabou, Universität der Bundeswehr München, University of Glasgow
  • ,
  • Johannes Schütte, Universität der Bundeswehr München
  • ,
  • Ahmed Shams, Fatura Llc
  • ,
  • Ken Pfeuffer
  • Daniel Buschek, University of Bayreuth
  • ,
  • Mohamed Khamis, University of Glasgow
  • ,
  • Florian Alt, Universität der Bundeswehr München

A significant drawback of text passwords for end-user authentication is password reuse. We propose a novel approach to detect password reuse by leveraging gaze as well as typing behavior and study its accuracy. We collected gaze and typing behavior from 49 users while creating accounts for 1) a webmail client and 2) a news website. While most participants came up with a new password, 32% reported having reused an old password when setting up their accounts. We then compared different ML models to detect password reuse from the collected data. Our models achieve an accuracy of up to 87.7% in detecting password reuse from gaze, 75.8% accuracy from typing, and 88.75% when considering both types of behavior. We demonstrate that using gaze, password reuse can already be detected during the registration process, before users entered their password. Our work paves the road for developing novel interventions to prevent password reuse.

Original languageEnglish
Title of host publicationCHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems
Number of pages16
PublisherAssociation for Computing Machinery
Publication year2022
Article number400
ISBN (Electronic)9781450391573
Publication statusPublished - 2022
Event2022 CHI Conference on Human Factors in Computing Systems, CHI 2022 - Virtual, Online, United States
Duration: 30 Apr 20225 May 2022


Conference2022 CHI Conference on Human Factors in Computing Systems, CHI 2022
LandUnited States
ByVirtual, Online

    Research areas

  • Gaze Behavior, Keystroke Dynamics, Machine Learning, Passwords

See relations at Aarhus University Citationformats

ID: 271245352