SPIES Lab, Computer Science and Engineering

News

TAMU SPIES Lab Wins CCS 2025 Distinguished Paper Award!

Posted on by

We are delighted to share that our paper, “Harnessing Vital Sign Vibration Harmonics for Effortless and Inbuilt XR User Authentication,” has received the Distinguished Paper Award at the ACM Conference on Computer and Communications Security (CCS) 2025.

This recognition highlights the impact and innovation of our collaborative work, which introduces a novel authentication mechanism leveraging vibration harmonics derived from users’ vital signs within extended reality (XR) systems to enable continuous, effortless, and built-in user verification.

The acceptance rate for CCS 2025 was 13.9% (316 accepted out of 2,278 submissions), and only about 1% of all submitted papers received a Distinguished Paper Award.

Congratulations to the entire team for this outstanding achievement!

#ACMCCS2025 #CyberSecurity #XR #Authentication

Another recent SPIES graduate to take up faculty position

Posted on by

 

https://scholar.googleusercontent.com/citations?view_op=medium_photo&user=94bU49IAAAAJ&citpid=6Another one joins academia!

Anuradha Mandal, SPIES Lab’s PhD graduate, is taking up a faculty job. She is joining the Computer Science department at the University at Albany, State University of New York (SUNY), as a Visiting Assistant Professor to tenure-track Assistant Professor starting Fall 2025.

Congratulations to Anuradha and best wishes for a successful career in the pretty Up State New York.

 

News: Security and Accessibility Gaps in Web Authentication for Blind and Visually Impaired Users

Posted on by

College Station, TX — June 2025

This news story was fully generated by AI, the text using GPT-4.5 and the image using GPT-4o, with necessary review and corrections by the SPIES researchers.

SHARE THIS

In groundbreaking research presented at the ACM Web Conference 2025 (WWW), researchers from Texas A&M University’s Security and Privacy in Emerging Computing and Networking Systems (SPIES) lab have highlighted significant vulnerabilities and accessibility challenges in two-factor (2FA) and passwordless authentication methods for blind and visually impaired users relying on screen readers.

Illustration showing a blind user using a laptop and phone with screen reader, facing push notification and phishing risks

The study, titled “Broken Access: On the Challenges of Screen Reader Assisted Two-Factor and Passwordless Authentication,” reveals how commonly used authentication methods, such as Google, Microsoft, and Duo’s OTP-2FA, phone call 2FA, push notifications, and FIDO-based MFA, often fail to effectively accommodate the specific needs of blind and visually impaired individuals. Through systematic evaluation using the team’s newly developed Authentication Workflows Accessibility Review and Evaluation (AWARE) framework, researchers found numerous critical security issues, including susceptibility to phishing, notification fatigue, and concurrent login attacks.

Our goal was to expose overlooked gaps in the current authentication landscape that disproportionately affect blind and visually impaired users,” said Md Mojibur Rahman Redoy Akanda, lead author and PhD student working with Dr. Nitesh Saxena. “Despite being promoted as secure and usable, many real-world 2FA and passwordless systems are simply not designed with accessibility in mind.

Key findings highlight how imprecise instructions and insufficient accessibility considerations significantly increase vulnerability for visually impaired users. Specifically, the researchers identified critical conflicts between simultaneous authentication steps (such as receiving OTP codes via phone calls) and screen reader audio prompts, leading to confusion and potential security breaches. Additionally, they discovered screen readers mispronouncing numeric OTPs, interpreting them incorrectly as continuous numbers rather than distinct digits, and observed difficulties in managing authentication prompts when users concurrently used screen readers on both smartphones and PCs.

This research opens up a much-needed conversation at the intersection of accessibility and cybersecurity,” said Dr. Nitesh Saxena, Director of the SPIES Lab at Texas A&M University. “We hope these findings will guide system designers, developers, and policymakers to adopt more inclusive authentication practices—making secure access a right, not a privilege.

This research underscores the urgent need for developers to implement clearer authentication workflows and better integration of accessibility standards. The SPIES team offers concrete recommendations for enhancing security and usability, such as explicit instructions, automated phishing detection, and optimized communication between authentication interfaces and screen readers.

The findings presented at WWW ’25 are a pivotal step toward ensuring digital authentication methods are secure and inclusive for all users, particularly the visually impaired.

To read the full paper, click here.

Citation:
Md Mojibur Rahman Redoy Akanda, Ahmed Tanvir Mahdad, and Nitesh Saxena. 2025. Broken Access: On the Challenges of Screen Reader Assisted Two-Factor and Passwordless Authentication. In Proceedings of the ACM Web Conference 2025 (WWW ’25), April 28–May 2, 2025, Sydney, NSW, Australia. ACM, New York, NY, USA, 13 pages. https://doi.org/10.1145/3696410.3714579

Read more stories like this on AI Spies News.

Follow us on Medium.