top of page

Haptic2FA: Haptics-Based Accessible Two-Factor Authentication for Blind and Low Vision People

Palavi V. Bhole, Ziming Li, Shivang Bokolia, Dr. Tae Oh, Dr. Garreth W. Tigwell, Dr. Roshan L. Peiris

School of Information,

Rochester Institute of Technology, Rochester, NY 14623, USA

Proceedings of the ACM on Human-Computer Interaction, Volume 8, Issue MHCI

image.png
lady.png

Introduction

 2FA and Accessibility Challenges for BLV Users

Two-Factor Authentication (2FA)

  • A widely used security method for protecting online accounts.

  • Combines "something you know" (e.g., password) with "something you have" (e.g., OTP).

Challenges for Blind and Low Vision (BLV) Users
Security

Traditional 2FA relies on visual cues, and screen readers can compromise security through shoulder surfing and eavesdropping.

Accessibility

These methods create barriers for visually impaired users, limiting access to secure online services.

Traditional 2FA and Accessibility Limitations

Traditional 2FA Methods

SMS codes, app-based authentication, hardware tokens and QR codes are widely used.
 

  • Visual verification

  • Text-based codes

  • QR Codes

Accessibility Limitations

These methods rely on visual cues, posing challenges for BLV users.

  • Visual impairments hinder code visibility

  • Text-based codes can be difficult to read

  • QR codes are inaccessible

Haptic2FA

an Accessible Solution

1
Haptic Patterns

Haptic2FA uses Morse code-like vibrations to convey authentication codes instead of OTPs for BLV users.

2
Accessibility

This tactile feedback replaces visual cues, making authentication accessible for users with visual impairments.

3
Privacy and Security

Only the user feels the vibrations, mitigating shoulder-surfing and eavesdropping risks.

lady.png

Haptic2FA Workflow

Concept.png

1

Login
The user initiates the login process on their smartphone.

2

Generate Haptic Pattern
The system generates a unique haptic pattern based on the user's credentials.

3

Feel Pattern
The user feels the vibrating haptic pattern through their smartphone or wearable.

4

Input Pattern
The user inputs the felt pattern using an input method.

Haptic2FA Workflow

Buttons Mockup.png
Buttons
Select the pattern from multiple options.
Dot-Dash
Enter pattern via Dot and Dash buttons (like Morse code).
Gesture
Use taps/tap and holds to input the pattern.
lady.png

Usability Study

Participants
10 BLV users (8 blind, 2 low vision), aged 26-45.
Testing
Each participant tested all three input methods.
Evaluated using two measures: Accuracy (correct pattern input) and Time (speed of entry).
Post-study interviews and NASA-TLX questionnaires to assess task load.
Feedback
Collected user feedback on accessibility and ease of use.

Study Results

Accuracy in Pattern Entry

93.3%

Buttons Method

94.4%

Dot-Dash Method

95.5%

Gesture Method

Average Time for Pattern Entry

14.4 seconds

Buttons Method

15.4 seconds

Dot-Dash Method

22.3 seconds

Gesture Method

User Feedback

Usability
Most participants found Haptic2FA easier to use and more independent compared to traditional 2FA.
Accessibility
Users found Haptic2FA accessible due to the use of tactile feedback.
Security
Participants felt more secure using haptic feedback in public places.
lady.png
lady.png

User Preferences and Suggestions

Pattern Length
Most participants Preferred 3-4 element haptic patterns for ease of memorization.
Input Method
Some users found the Gesture method slow but preferred it for security.
Suggestions
Participants suggested that pattern be received through notification but there should be a clear way to distinguish between other haptic feedbacks and the pattern haptics.

Conclusion and Future Work

Key Findings
Haptic2FA offers an accessible, secure alternative to traditional 2FA for BLV users. The study demonstrated its high accuracy and positive user feedback.
Future Work

  1. Explore cross-device authentication with wearables.

  2. Investigate complex haptic patterns for better security.

  3. Personalize vibration strength and speed for user preferences.

Takeaways

Haptic2FA reinforced the need for inclusive security design, ensuring 2FA is both secure and accessible. Balancing usability with security was a key challenge, requiring iterative design and user testing. This project highlighted how multi-sensory feedback can reduce accessibility barriers in authentication. Moving forward, I see potential for haptic feedback in broader cybersecurity applications, strengthening my commitment to equitable and user-centered design.

© 2022 by Palavi Bhole

bottom of page