The (Un)suitability of Passwords and Password Managers in Virtual Reality
- URL: http://arxiv.org/abs/2503.18550v1
- Date: Mon, 24 Mar 2025 11:02:11 GMT
- Title: The (Un)suitability of Passwords and Password Managers in Virtual Reality
- Authors: Emiram Kablo, Yorick Last, Patricia Arias Cabarcos, Melanie Volkamer,
- Abstract summary: password managers (PMs) are a potential solution for secure VR authentication.<n>We report findings from 91 cognitive walkthroughs, revealing that while PMs improve usability, they are not yet ready for prime time.<n>Key features like cross-app autofill are missing, and user experiences highlight the need for better solutions.
- Score: 1.7899337155038426
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: As Virtual Reality (VR) expands into fields like healthcare and education, ensuring secure and user-friendly authentication becomes essential. Traditional password entry methods in VR are cumbersome and insecure, making password managers (PMs) a potential solution. To explore this field, we conducted a user study (n=126 VR users) where participants expressed a strong preference for simpler passwords and showed interest in biometric authentication and password managers. On these grounds, we provide the first in-depth evaluation of PMs in VR. We report findings from 91 cognitive walkthroughs, revealing that while PMs improve usability, they are not yet ready for prime time. Key features like cross-app autofill are missing, and user experiences highlight the need for better solutions. Based on consolidated user views and expert analysis, we make recommendations on how to move forward in improving VR authentication systems, ultimately creating more practical solutions for this growing field.
Related papers
- 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities.<n>This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users.<n>An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z) - GAZEploit: Remote Keystroke Inference Attack by Gaze Estimation from Avatar Views in VR/MR Devices [8.206832482042682]
We unveil GAZEploit, a novel eye-tracking based attack specifically designed to exploit these eye-tracking information by leveraging the common use of virtual appearances in VR applications.
Our research, involving 30 participants, achieved over 80% accuracy in keystroke inference.
Our study also identified over 15 top-rated apps in the Apple Store as vulnerable to the GAZEploit attack, emphasizing the urgent need for bolstered security measures for this state-of-the-art VR/MR text entry method.
arXiv Detail & Related papers (2024-09-12T15:11:35Z) - An Empirical Study on Oculus Virtual Reality Applications: Security and
Privacy Perspectives [46.995904896724994]
This paper develops a security and privacy assessment tool, namely the VR-SP detector for VR apps.
Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps.
We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps.
arXiv Detail & Related papers (2024-02-21T13:53:25Z) - Evaluating Deep Networks for Detecting User Familiarity with VR from
Hand Interactions [7.609875877250929]
We use a VR door as we envision it to the first point of entry to collaborative virtual spaces, such as meeting rooms, offices, or clinics.
While the user may not be familiar with VR, they would be familiar with the task of opening the door.
Using a pilot dataset consisting of 7 users familiar with VR, and 7 not familiar with VR, we acquire highest accuracy of 88.03% when 6 test users, 3 familiar and 3 not familiar, are evaluated with classifiers trained using data from the remaining 8 users.
arXiv Detail & Related papers (2024-01-27T19:15:24Z) - Deep Motion Masking for Secure, Usable, and Scalable Real-Time Anonymization of Virtual Reality Motion Data [49.68609500290361]
Recent studies have demonstrated that the motion tracking "telemetry" data used by nearly all VR applications is as uniquely identifiable as a fingerprint scan.
We present in this paper a state-of-the-art VR identification model that can convincingly bypass known defensive countermeasures.
arXiv Detail & Related papers (2023-11-09T01:34:22Z) - Can Virtual Reality Protect Users from Keystroke Inference Attacks? [23.587497604556823]
We show that despite assumptions of enhanced privacy, VR is unable to shield its users from side-channel attacks that steal private information.
This vulnerability arises from VR's greatest strength, its immersive and interactive nature.
arXiv Detail & Related papers (2023-10-24T21:19:38Z) - Unique Identification of 50,000+ Virtual Reality Users from Head & Hand
Motion Data [58.27542320038834]
We show that a large number of real VR users can be uniquely and reliably identified across multiple sessions using just their head and hand motion.
After training a classification model on 5 minutes of data per person, a user can be uniquely identified amongst the entire pool of 50,000+ with 94.33% accuracy from 100 seconds of motion.
This work is the first to truly demonstrate the extent to which biomechanics may serve as a unique identifier in VR, on par with widely used biometrics such as facial or fingerprint recognition.
arXiv Detail & Related papers (2023-02-17T15:05:18Z) - Towards Zero-trust Security for the Metaverse [14.115124942695887]
We develop a holistic research agenda for zero-trust user authentication in social virtual reality (VR)
Our proposed research includes four concrete steps: investigating biometrics-based authentication that is suitable for continuously authenticating VR users, leveraging federated learning for protecting user privacy in biometric data, improving the accuracy of continuous VR authentication with multimodal data, and boosting the usability of zero-trust security with adaptive VR authentication.
arXiv Detail & Related papers (2023-02-17T14:13:02Z) - Force-Aware Interface via Electromyography for Natural VR/AR Interaction [69.1332992637271]
We design a learning-based neural interface for natural and intuitive force inputs in VR/AR.
We show that our interface can decode finger-wise forces in real-time with 3.3% mean error, and generalize to new users with little calibration.
We envision our findings to push forward research towards more realistic physicality in future VR/AR.
arXiv Detail & Related papers (2022-10-03T20:51:25Z) - Security and Privacy in Virtual Reality: A Literature Survey [0.0]
We explore the state-of-the-art in VR privacy and security, we categorise potential issues and threats, and we analyse causes and effects of the identified threats.<n>We focus on the research previously conducted in the field of authentication in VR, as it stands as the most investigated area in the topic.<n>We also provide an overview of other interesting uses of VR in the field of cybersecurity, such as the use of VR to teach cybersecurity or evaluate the usability of security solutions.
arXiv Detail & Related papers (2022-04-30T08:45:09Z) - Wireless Edge-Empowered Metaverse: A Learning-Based Incentive Mechanism
for Virtual Reality [102.4151387131726]
We propose a learning-based Incentive Mechanism framework for VR services in the Metaverse.
First, we propose the quality of perception as the metric for VR users in the virtual world.
Second, for quick trading of VR services between VR users (i.e., buyers) and VR SPs (i.e., sellers), we design a double Dutch auction mechanism.
Third, for auction communication reduction, we design a deep reinforcement learning-based auctioneer to accelerate this auction process.
arXiv Detail & Related papers (2021-11-07T13:02:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.