Strategic UX Research • Accessibility • Security

OneButton PIN

A research-driven authentication concept for blind and low-vision users that rethinks PIN entry from first principles. Instead of incrementally improving the existing keypad, I explored a more strategic question: can a different interaction model reduce motor friction, improve privacy, and make observation-based attacks harder?

The result was a single-tile haptic PIN method that won the Best Paper Award at MobileHCI 2022 and was evaluated across both usability and attack-resistance dimensions.

🏆 Best Paper Award · MobileHCI 2022
🫳 Haptic interaction model
🔐 Privacy-aware authentication
🧭 Ambiguity → concept → evidence
Survey research · Diary study · Security study · Prototype design · Haptic interaction · Accessibility evaluation
Study snapshot: evidence across usability, learnability, and attack resistance
  • Survey (88 responses): Used to understand authentication habits, accessibility pain points, and public-space security concerns.
  • Diary study (9 blind / low-vision participants): A week-long evaluation focused on learnability, perceived accessibility, and repeated real use.
  • Security study (10 sighted observers): Tested whether reduced motion and timing variability made shoulder surfing harder than traditional PIN entry.
What this project demonstrates
This is the kind of work I’m strongest at: conceptual, pre-alignment, technically constrained problems where research has to clarify the path forward before the team can commit to a product direction.

😖 The problem

Standard PIN entry assumes visual targeting, spatial navigation, and low-risk environments. For blind and low-vision users, those assumptions break fast. Small targets are error-prone. Screen-reader support can expose digits aloud. Finger movement across a keypad creates observable patterns in public.

Small targets · Aural leakage · Shoulder-surfing cues

✨ The concept

Replace the 0–9 keypad with a single large interaction target. The user presses and holds, feels a rhythm of haptics, counts the pulses, and releases to enter the digit. Timing can be randomized to reduce predictability and make observation harder.

Interaction redesign · Haptic counting · Security-aware timing
Virtual simulator

🎚️ Experimental controls

  • Time between pulses. In the study, timing was not just a comfort variable. It was part of the security design space.
  • Length of each haptic pulse.
  • Delay before the first vibration after press.
  • Randomize ST (0–200 ms): introduces timing variability to reduce inference.
  • Randomly increase VI (0–200 ms): simulates the harder-to-predict timing conditions explored in the research.
Reality check: browser vibration support is inconsistent, especially on iPhone. The simulator still communicates the interaction model through visual feedback and a subtle audio fallback.

🧠 Research framing and concept strategy

This project is stronger than a typical accessibility case study because it did not treat the problem as a UI polish exercise. I approached it as a strategic research question: what interaction model best serves users when accessibility, privacy, and security are all critical at the same time?

That framing changed the work. Instead of optimizing an existing keypad, I reframed the problem around human behavior, observable signals, haptic perception, and public-use risk. That made the solution space more ambitious and more meaningful.

Interface model: one large interaction target replaces the keypad’s spatial selection problem.
System parameters: Start Time, Interval, and Duration were treated as design variables, not implementation details.
What I mapped
  • User constraint: blind and low-vision users need reduced motor complexity.
  • Context constraint: PIN entry often happens in public or semi-public environments.
  • System constraint: feedback has to be legible without leaking sensitive information.
Why the concept is novel
  • It removes spatial target selection entirely.
  • It turns digit entry into a count-and-release interaction.
  • It uses timing variability as a deliberate part of the security strategy.
  • Digit entry: hold → feel pulses → count → release → digit entered.
  • Wrap behavior: after 9, the counter restarts at 0.
  • Zero entry: quick tap before vibrations start, or deliberate count strategy depending on configuration.
  • Threat-aware design: timing variability can add ambiguity for observers.
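
To make the count-and-release rules and the two timing options concrete, the sketch below (an added example, not the project's code or the study's simulator) models one press and an observer who can only time how long the button is held. The timing values, the 250 ms release delay, and the observer model are assumptions chosen for illustration.

```javascript
// Added illustration; timing values are assumed, not the study's settings.
const BASE = { st: 500, vi: 400, dur: 100 }; // ms: start delay, gap, pulse length
const JITTER_MS = 200; // upper bound of the page's 0–200 ms randomization

// Seeded PRNG (mulberry32) so the simulation is reproducible.
function mulberry32(a) {
  return function () {
    a = (a + 0x6d2b79f5) | 0;
    let t = Math.imul(a ^ (a >>> 15), 1 | a);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Pulse start times for one press; randSt / randVi enable the two jitter options.
function pulseSchedule({ randSt = false, randVi = false } = {}, rand = Math.random, n = 20) {
  let t = BASE.st + (randSt ? rand() * JITTER_MS : 0);
  const starts = [];
  for (let i = 0; i < n; i++) {
    starts.push(t);
    t += BASE.dur + BASE.vi + (randVi ? rand() * JITTER_MS : 0);
  }
  return starts;
}

// Digit entered on release: pulses started so far, wrapping to 0 after 9.
function digitAtRelease(starts, holdMs) {
  return starts.filter((s) => s <= holdMs).length % 10;
}

// Hold time for a user entering `digit`: a quick tap for 0, otherwise release
// 250 ms (assumed reaction time) after the digit-th pulse begins.
function holdFor(digit, starts) {
  return digit === 0 ? 100 : starts[digit - 1] + 250;
}

// Modelled observer: sees only the hold duration and decodes it with the
// default (unjittered) schedule. Returns the fraction of digits recovered.
function observerAccuracy(condition, trials = 2000, seed = 1) {
  const rand = mulberry32(seed);
  const reference = pulseSchedule();
  let hits = 0;
  for (let i = 0; i < trials; i++) {
    const digit = Math.floor(rand() * 10);
    const hold = holdFor(digit, pulseSchedule(condition, rand));
    if (digitAtRelease(reference, hold) === digit) hits++;
  }
  return hits / trials;
}
```

Under these assumptions the modelled observer recovers every digit when timing is fixed and roughly a third of them with both randomization options enabled; these figures describe the toy model only, not the study's measurements.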

🧪 Evaluation strategy

I did not want this to be a speculative concept with no evidence. The evaluation strategy was designed to answer both usability and attack-resistance questions, because the concept only matters if it performs on both dimensions.

Study 1: week-long diary study
  • Participants: 9 blind and low-vision users.
  • Goal: understand learnability, accessibility, and practical usability over repeated use.
  • Measures: speed, accuracy, and workload across conditions.
Study 2: security study
  • Participants: 10 sighted observers.
  • Goal: test whether reduced motion and randomized timing weakened shoulder-surfing success.
  • Outcome focus: not just “can users do it,” but “does it shift the risk profile.”
Conditions compared
  • OBP (default settings)
  • RVI (random VI increase)
  • RST (random ST)
  • RVIST (random VI + ST)
  • TRAD (traditional keypad baseline)
What this shows about my research style
  • I prefer evaluation structures that compare tradeoffs rather than validate one favorite design.
  • I use constraints and conditions to create decision-worthy evidence, not just descriptive findings.
Important limitation: NASA-TLX data for the traditional keypad condition was not collected due to a technical issue. That stays in the story. Good research is honest about what it knows and what it does not.

✅ Why this aligns with strategic UX research roles

This project is relevant because it shows the exact behaviors strong strategic researchers need: reframing the problem before others see it, working across technical and human constraints, and producing evidence that guides direction rather than just describing pain points.

Ambiguity mapping
  • I started with an unclear problem space where accessibility and security goals were in tension.
  • I clarified the decision space before committing to the concept.
Systems thinking
  • The work considered user behavior, feedback channels, device capabilities, and adversarial observation together.
  • The solution was designed as a system, not a screen.
Mixed methods orientation
  • The concept was supported by longitudinal diary research and experimental security testing.
  • This balanced human perception with measurable performance and risk.
Decision usefulness
  • The output is not just “insight.” It points to where the concept is promising, where it needs hardening, and what should be tested next.

🔭 What I’d do next

  • Native implementation: move beyond browser limitations and test platform-level haptics and accessibility APIs.
  • Calibration flow: let users personalize interval and duration based on sensitivity and device hardware.
  • Broader scenario testing: evaluate one-handed use, interrupted sessions, low-battery conditions, and real public environments.
  • Advanced threat modeling: test against high-speed video timing analysis and stronger observation strategies.
  • Production framing: explore whether this belongs as a fallback authentication mode, accessibility option, or broader secure-entry pattern.