The field of augmented reality (AR) and virtual reality (VR) is experiencing rapid technological advancement and increasing prevalence. As these devices are also used for sensitive data, a secure authentication mechanism is required. Due to the way one interacts with VR/AR, which is primarily through hand gestures, shoulder surfing represents a significant threat. This is because a bystander could observe the movements and attempt to reconstruct the password based on this information. To address this issue and others, it is important to investigate suitable secure and usable authentication mechanisms for VR and AR devices.

Research Questions

Some interesting research questions that will be or already have been (partly) answered are:

• What are the essential requirements of a shoulder-surfing resistant authentication scheme for VR/AR?
• What is the current state of VR/AR authentication research?
• How do users perceive the usability of different authentication schemes and which one do they prefer?

VR/AR-Demonstrators

• Graphical Authentication in AR: Demonstrates how graphical authentication can be used in AR. Instead of passwords, users authenticate with the help of a secret, consisting of different images of objects.
• Shoulder-Surfing Resistent Authentication in VR: Presentation of different knowledge-based authentication schemes both graphical and PIN based.
• Risk-based Authentication Using Brainwave Biometrics: This demonstrator shows how brainwave authentication enhances the VR experience during routine tasks while securing critical actions, such as payments via graphical passwords.

Some of our most relevant own publications:

• PassGlobe: Ein Shoulder-Surfing resistentes Authentifizierungsverfahren für Virtual Reality Head-Mounted Displays
  Länge, T.; Matheis, P.; Düzgün, R.; Mayer, P.; Volkamer, M. 2022. Mensch und Computer 2022 - Workshopband. Ed.: K. Marky, Gesellschaft für Informatik (GI).
• Shoulder-surfing resistant authentication for augmented reality.
  Düzgün, R.; Mayer, P.; Volkamer, M. 2022. Nordic Human Computer Interaction Conference (NordiCHI ’22), Art.Nr. 29, ACM Digital Library.
• Vision: Towards Fully Shoulder-Surfing Resistant and Usable Authentication for Virtual Reality
  Länge, T.; Matheis, P.; Düzgün, R.; Volkamer, M.; Mayer, P. 2024. Symposium on Usable Security and Privacy (USEC), San Diego, CA, February 26, 2024
• SoK: A Systematic Literature Review of Knowledge-Based Authentication on Augmented Reality Head-Mounted Displays
  Duezguen, R.; Noah, N.; Mayer, P.; Das, S.; Volkamer, M. 2022. International Conference on Availability, Reliability and Security, ARES 2022, August 23 - August 26, 2022, Vienna, Austria, Art.-No.: 36, Association for Computing Machinery (ACM).
• A Literature Review on Virtual Reality Authentication
  Jones, J. M.; Duezguen, R.; Mayer, P.; Volkamer, M.; Das, S. 2021. Human Aspects of Information Security and Assurance - 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings. Ed.: S. Furnell, 189–198, Springer.
• Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays
  Düzgün, R.; Mayer, P.; Das, S.; Volkamer, M. 2020. Who Are You?! Adventures in Authentication Workshop (WAY), co-located with 16th Symposium on Usable Privacy and Security (SOUPS 2020), August 7–11, 2020