Personalising an interface to the needs and preferences of a user often incurs additional interaction steps. In this paper, we demonstrate a novel method that enables the personalising of an interface without the need for explicit calibration procedures, via a process we call self-calibration. A second-order effect of self-calibration is that an outside observer cannot easily infer what a user is trying to achieve because they cannot interpret the user's actions. To explore this security angle, we developed IFTT-PIN (If This Then PIN) as the first self-calibrating PIN-entry method. When using IFTT-PIN, users are free to choose any button for any meaning without ever explicitly communicating their choice to the machine. IFTT-PIN infers both the user's PIN and their preferred button mapping at the same time. This paper presents the concept, implementation, and interactive demonstrations of IFTT-PIN, as well as an evaluation against shoulder surfing attacks. Our study (N=24) shows that by adding self-calibration to an existing PIN entry method, IFTT-PIN statistically significantly decreased PIN attack decoding rate by ca. 8.5 times (p=1.1e-9), while only decreasing the PIN entry encoding rate by ca. 1.4 times (p=0.02), leading to a positive security-usability trade-off. IFTT-PIN's entry rate significantly improved 21 days after first exposure (p=3.6e-6) to the method, suggesting self-calibrating interfaces are memorable despite using an initially undefined user interface. Self-calibration methods might lead to novel opportunities for interaction that are more inclusive and versatile, a potentially interesting challenge for the community. A short introductory video is available at https://youtu.be/pP5sfniNRns.
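The joint inference of PIN digit and button mapping described above can be illustrated with a consistency-elimination sketch. This is an added example, not the paper's implementation: the two-colour display, the round structure, and the names `consistent`, `infer_digit` and `simulate` are assumptions made for illustration, and the user is assumed to use different buttons for different colours.

```python
import random

COLOURS = ("yellow", "grey")  # assumed: each round every digit is shown in one of two colours

def consistent(digit, rounds):
    """True if one fixed button->colour mapping explains every press,
    under the hypothesis that `digit` is the digit the user is entering."""
    mapping = {}
    for colouring, button in rounds:
        colour = colouring[digit]
        # The first press of a button fixes its meaning; later presses must agree.
        if mapping.setdefault(button, colour) != colour:
            return False
    return True

def infer_digit(rounds, digits=range(10)):
    """Return (digit, button->colour mapping) once exactly one hypothesis survives, else None."""
    alive = [d for d in digits if consistent(d, rounds)]
    if len(alive) != 1:
        return None
    digit = alive[0]
    # The mapping is recovered as a by-product: it was never communicated explicitly.
    return digit, {button: colouring[digit] for colouring, button in rounds}

def simulate(secret_digit, user_mapping, rng, max_rounds=200):
    """Simulate one digit entry. `user_mapping` (colour -> button) is known only to the user.
    Returns ((digit, mapping) or None, number of rounds used)."""
    rounds = []
    for _ in range(max_rounds):
        # Constructed input: a fresh random colouring of the ten digits each round.
        colouring = {d: rng.choice(COLOURS) for d in range(10)}
        # The user presses the button that, for them, means "my digit's colour".
        rounds.append((colouring, user_mapping[colouring[secret_digit]]))
        result = infer_digit(rounds)
        if result is not None:
            return result, len(rounds)
    return None, len(rounds)
```

An observer who sees only the button presses, without the colourings, has no fixed key-to-meaning table to decode them with, which is the second-order effect the abstract describes.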