Abstract
The latest smartphones have started providing multiple authentication options including PINs, patterns, and passwords (knowledge based), as well as face, fingerprint, iris, and voice identification (biometric-based). In this article, we conducted two user studies to investigate how the convenience and security of unlocking phones are influenced by the provision of multiple authentication options. In a task-based user study with 52 participants, we analyze how participants choose an option to unlock their smartphone in daily life. The user study results demonstrate that providing multiple biometric-based authentication choices does not really influence convenience, because fingerprint had monopolistic dominance in the usage of unlock methods (111 of a total of 115 unlock trials that used a biometric-based authentication factor) due to users’ habitual behavior and fastness in unlocking phones. However, convenience was influenced by the provision of both knowledge-based and biometric-based authentication categories, as biometric-based authentication options were used in combination with knowledge-based authentication options—pattern was another frequently used unlock method. Our findings were confirmed and generalized through a follow-up survey with 327 participants. First, knowledge-based and biometric-based authentication options are used interchangeably. Second, providing multiple authentication options for knowledge-based authentication may influence convenience—both PINs (55.7%) and patterns (39.2%) are quite evenly used. Last, in contrast to knowledge-based authentication, providing multiple authentication choices for biometric-based authentication has less influence on choosing unlock options—fingerprint scanner is the most frequently used option (134 of 187 unlock methods used among biometric-based authentication options).
- Yusuf Albayram, Mohammad Maifi Hasan Khan, Theodore Jensen, and Nhan Nguyen. 2017. “...better to use a lock screen than to worry about saving a few seconds of time”: Effect of fear appeal in the context of smartphone locking behavior. In Proceedings of the 13rd Symposium on Usable Privacy and Security.Google Scholar
- Android. 2019. Set your device for automatic unlock. Retrieved from https://support.google.com/nexus/answer/6093922.Google Scholar
- Apple. 2017. iOS Security: iOS 10. Retrieved from https://www.apple.com/business/docs/iOS_Security_Guide.pdf.Google Scholar
- Rasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor, and Marios Savvides. 2015. Biometric authentication on iphone and android: Usability, perceptions, and influences on adoptio. In Proceedings of the 3rd Workshop on Usable Security.Google Scholar
Cross Ref
- Joseph Bonneau, Sören Preibusch, and Ross Anderson. 2012. A birthday present every eleven wallets? The security of customer-chosen banking PINs. In Proceedings of the 16th International Conference on Financial Cryptography and Data Security.Google Scholar
Cross Ref
- Seunghun Cha, Sungsu Kwag, Hyoungshick Kim, and Jun Ho Huh. 2017. Boosting the guessing attack performance on android lock patterns with smudge attacks. In Proceedings of the 12nd ACM Asia Conference on Computer and Communications Security.Google Scholar
Digital Library
- Ivan Cherapau, Ildar Muslukhov, Nalin Asanka, and Konstantin Beznosov. 2015. On the impact of touch ID on iphone passcodes. In Proceedings of the 11st Symposium on Usable Privacy and Security.Google Scholar
- Alexander De Luca, Alina Hang, Emanuel von Zezschwitz, and Heinrich Hussmann. 2015. I feel like i’m taking selfies all day!: Towards understanding biometric authentication on smartphones. In Proceedings of the 33rd ACM Conference on Human Factors in Computing Systems.Google Scholar
- Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner. 2014. Are you ready to lock?. In Proceedings of the 21st ACM Conference on Computer and Communications Security.Google Scholar
Digital Library
- Alain Forget, Sonia Chiasson, and Robert Biddle. 2015. Choose your own authentication. In Proceedings of the 24th Workshop on New Security Paradigms.Google Scholar
Digital Library
- Barney G. Glaser and Anselm L. Strauss. 1999. The Discovery of Grounded Theory: Strategies for Qualitative Research. Transaction Publishers.Google Scholar
- Marian Harbach, Emanuel von Zezschwitz, Andreas Fichtner, Alexander De Luca, and Serge Egelman. 2016. The anatomy of smartphone unlocking: A field study of android lock screens. In Proceedings of the 34th ACM Conference on Human Factors in Computing Systems.Google Scholar
Digital Library
- Marian Harbach, Emanuel von Zezschwitz, Andreas Fichtner, Alexander De Luca, and Matthew Smith. 2014. It’s a hard lock life: A field study of smartphone (un)locking behavior and risk perception. In Proceedings of the 10th Symposium on Usable Privacy and Security.Google Scholar
- Yousra Javed, Mohamed Shehab, and Emmanuel Bello-Ogunu. 2017. Investigating user comprehension and risk perception of apple’s touch ID technology. In Proceedings of the 12nd International Conference on Availability, Reliability and Security.Google Scholar
Digital Library
- Hyoungshick Kim and Jun Ho Huh. 2012. PIN selection policies: Are they really effective? Comput. Secur. 31, 4 (2012), 484--496.Google Scholar
Digital Library
- Jerry Ma, Weining Yang, Min Luo, and Ninghui Li. 2014. A study of probabilistic password models. In Proceedings of the 35th IEEE Symposium on Security and Privacy.Google Scholar
Digital Library
- Ahmed Mahfouz, Ildar Muslukhov, and Konstantin Beznosov. 2016. Android users in the wild: Their authentication and usage behavior. Perv. Mobile Comput. 32 (2016), 50--61.Google Scholar
Cross Ref
- Shrirang Mare, Mary Baker, and Jeremy Gummeson. 2016. A study of authentication in daily life. In Proceedings of the 12nd Symposium on Usable Privacy and Security.Google Scholar
- Neil Mawston. 2017. Samsung Galaxy S8 Becomes World’s Best-Selling Android Smartphone in Q2 2017. Retrieved from https://www.strategyanalytics.com/strategy-analytics/news/strategy-analytics-press-releases/strategy-analytics-press-release/2017/08/16/sa-samsung-galaxy-s8-becomes-world%27s-best-selling-android-smartphone-in-q2-2017.Google Scholar
- Lina Qiu, Alexander De Luca, Ildar Muslukhov, and Konstantin Beznosov. 2019. Towards understanding the link between age and smartphone authentication. In Proceedings of the 37th ACM Conference on Human Factors in Computing Systems.Google Scholar
Digital Library
- Elizabeth Stobert and David Barrera. 2016. Picking a (smart)lock: Locking relationships on mobile devices. In Proceedings of the 12nd Symposium on Usable Privacy and Security.Google Scholar
- Elizabeth Stobert and Robert Biddle. 2014. The password life cycle: User behaviour in managing passwords. In Proceedings of the 10th Symposium on Usable Privacy and Security.Google Scholar
- Shari Trewin, Cal Swart, Larry Koved, Jacquelyn Martino, Kapil Singh, and Shay Ben-David. 2012. Biometric authentication on a mobile device: A study of user effort, error and task disruption. In Proceedings of the 28th Annual Computer Security Applications Conference.Google Scholar
Digital Library
- Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the security of graphical passwords: The case of android unlock patterns. In Proceedings of the 20th ACM Conference on Computer and Communications Security.Google Scholar
Digital Library
- Blase Ur, Jonathan Bees, Sean M. Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Do users’ perceptions of password security match reality? In Proceedings of the 34th ACM Conference on Human Factors in Computing Systems.Google Scholar
Digital Library
- Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015. “I Added ‘!’ at the end to make it secure”: Observing password creation in the lab. In Proceedings of the 11st Symposium on Usable Privacy and Security.Google Scholar
Index Terms
On the Security and Usability Implications of Providing Multiple Authentication Choices on Smartphones: The More, the Better?
Recommendations
Lip-Sync Personal Authentication System Using Movement Feature of Lip
ICBAKE '13: Proceedings of the 2013 International Conference on Biometrics and Kansei EngineeringBiometric authentication using physiological feature has issue of forgery and theft. Furthermore it can't change key in these case. In this paper, we propose new personal authentication system that uses behavioral feature of lip-movement among biometric ...
Palmprint authentication using pattern classification techniques
SEMCCO'11: Proceedings of the Second international conference on Swarm, Evolutionary, and Memetic Computing - Volume Part IBiometric technology incorporates several physiological and behavioral traits for personal authentication whenever deployed for security systems. Palmprint is one of the physiological trait has been utilized several times for key applications. This ...
Biometric Authentication by Handwriting Using Leap Motion
IMCOM '16: Proceedings of the 10th International Conference on Ubiquitous Information Management and CommunicationIn recent years, biometrics authentication becomes popular. No key is required in biometrics authentication while password must be remembered in password authentication. Moreover, living parts for biometrics authentication cannot be stolen with usual ...






Comments