The trouble with login: on usability and computer security in ubiquitous computing

Personal and Ubiquitous Computing

Abstract

Logging in by typing usernames and passwords is by far the most common way to access modern computer systems. However, such contemporary user authentication mechanisms are inappropriate in a ubiquitous computing environment, where users are constantly accessing a wide range of different devices. This paper introduces new concepts for user authentication in ubiquitous computing, such as the notion of proximity-based user authentication and silent login. The design of these new mechanisms is part of the design of a ubiquitous computing infrastructure for hospitals, which is grounded in field studies of medical work in hospitals. The paper reports on field studies of clinicians using an electronic patient record (EPR) and describes severe usability problems associated with its login procedures. The EPR’s login mechanisms do not recognize that medical work is nomadic, interrupted, and cooperative, organized around the sharing of common material. The consequence is that login is circumvented and security is jeopardized.

Acknowledgments

The field study of department T was done together with Christina Nielsen and Thomas K. Kjær. We are grateful to the clinicians at department T for participation in this work. The Danish Center of Information Technology (CIT) funded this research.

Author information

Corresponding author

Correspondence to Jakob E. Bardram.

About this article

Cite this article

Bardram, J.E. The trouble with login: on usability and computer security in ubiquitous computing. Pers Ubiquit Comput 9, 357–367 (2005). https://doi.org/10.1007/s00779-005-0347-6

  • DOI: https://doi.org/10.1007/s00779-005-0347-6
