The young broker, dressed in a tailored suit, waits his turn to use the ATM in a busy shopping district. Standing behind him, a striking woman holds a Maltese puppy. The two begin to chat. When it's the broker's turn at the ATM, he politely turns away and enters his PIN. What he doesn't realize is that his new acquaintance seems to be looking over his shoulder. Has she duped him?

What if the broker hadn't needed a PIN? What if, instead, he looked at a series of blurred images shown by the ATM and simply had to select the one he submitted when he opened the account? And what if he made the selection using a stationary mouse that would prevent anyone from figuring out which button he chose? To gain access to the broker's account, a thief would have to know both parts of the process, a practical impossibility.

Hirokazu Sasamoto (E'07) devised Undercover, a prototype user-authentication system, for his master's thesis at Carnegie Mellon's Japan CyLab. Sasamoto, along with his teaching assistant Eiji Hayashi (E'06) and CyLab instructor Nicolas Christin, then expanded the thesis into the paper "Undercover: Authentication Usable in Front of Prying Eyes."

The paper was accepted at the 2008 ACM Conference on Human Factors in Computer Systems. The conference, held this past April in Florence, Italy, is widely considered the premier academic conference in human-computer interaction.

The three researchers are marketing Undercover to corporations.
-- Jonathan Barnes (HS'93)