Abstract
Logging in by typing usernames and passwords is by far the most common way to access modern computer systems. However, such contemporary user authentication mechanisms are inappropriate in a ubiquitous computing environment, where users are constantly accessing a wide range of different devices. This paper introduces new concepts for user authentication in ubiquitous computing, such as the notion of proximity-based user authentication and silent login. The design of these new mechanisms is part of the design of a ubiquitous computing infrastructure for hospitals, which is grounded in field studies of medical work in hospitals. The paper reports on field studies of clinicians using an electronic patient record (EPR) and describes severe usability problems associated with its login procedures. The EPR’s login mechanisms do not recognize the nature of medical work as being nomadic, interrupted, and cooperative around sharing common material. The consequence is that login is circumvented and security is jeopardized.
Acknowledgments
The field study of department T was done together with Christina Nielsen and Thomas K. Kjær. We are grateful to the clinicians at department T for participation in this work. The Danish Center of Information Technology (CIT) funded this research.
Cite this article
Bardram, J.E. The trouble with login: on usability and computer security in ubiquitous computing. Pers Ubiquit Comput 9, 357–367 (2005). https://doi.org/10.1007/s00779-005-0347-6