Abstract
Authentication is a security measure designed to allow authorized users to use a system securely with minimal interference with its usability. Although numerous user studies have examined various authentication methods such as traditional alphanumeric passwords, graphical passwords, and biometrics, very limited research has investigated users’ performance and preference when they are allowed to choose the authentication method(s) for a specific application. This study was conducted as an initial attempt to fill that gap. We developed a mobile application called the ‘Event manager’ that offers calendar and file management functions. For authentication, the ‘Event manager’ app gives users the freedom to choose their preferred authentication method(s) among five commonly adopted authentication mechanisms. We conducted an empirical user study with a ‘within-group’ design to investigate users’ initial interaction with three different types of authentication processes: alphanumeric passwords, one-factor authentication of choice, and two-factor authentication of choice. 75 participants completed the study. The results of the study will help us understand users’ general perception of the ‘authentication of choice’ approach as well as their preferred authentication method or combination of methods in the context of mobile devices.
Acknowledgements
We would like to thank Edward Miklewski for his assistance in data collection. We also want to thank all the participants.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Oluwafemi, A.J., Feng, J.H. (2020). Authentication of Choice on Mobile Devices: A Preliminary Investigation. In: Stephanidis, C., Marcus, A., Rosenzweig, E., Rau, PL.P., Moallem, A., Rauterberg, M. (eds) HCI International 2020 - Late Breaking Papers: User Experience Design and Case Studies. HCII 2020. Lecture Notes in Computer Science, vol 12423. Springer, Cham. https://doi.org/10.1007/978-3-030-60114-0_49
DOI: https://doi.org/10.1007/978-3-030-60114-0_49
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-60113-3
Online ISBN: 978-3-030-60114-0
eBook Packages: Computer Science, Computer Science (R0)