DOI: 10.5555/3235895.3235912

A study of authentication in daily life

Published: 22 June 2016

Abstract

We report on a wearable digital diary study of 26 participants that explores people's daily authentication behavior across a wide range of targets (phones, PCs, websites, doors, cars, etc.) using a wide range of authenticators (passwords, PINs, physical keys, ID badges, fingerprints, etc.). Our goal is to gain an understanding of how much of a burden different kinds of authentication place on people, so that we can evaluate what kinds of improvements would most benefit them. We found that on average 25% of our participants' authentications employed physical tokens such as car keys, which suggests that token-based authentication, in addition to password authentication, is a worthy area for improvement. We also found that our participants' authentication behavior and opinions about authentication varied greatly, so any particular solution might not please everyone. We observed a surprisingly high (3-12%) false reject rate across many types of authentication. We present the design and implementation of the study itself, since wearable digital diary studies may prove useful for others exploring similar topics of human behavior. Finally, we provide an example use of participants' logs of authentication events as simulation workloads for investigating the possible energy consumption of a "universal authentication" device.


      Published In

      SOUPS '16: Proceedings of the Twelfth USENIX Conference on Usable Privacy and Security
      June 2016
      354 pages
      ISBN:9781931971317

      Sponsors

      • Google Inc.
      • NSF
      • CRC Press
      • Facebook
      • CISCO

      Publisher

      USENIX Association

      United States

      Publication History

      Published: 22 June 2016

      Qualifiers

      • Article

      Acceptance Rates

      Overall Acceptance Rate 15 of 49 submissions, 31%

      Cited By

      • (2021) A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research. ACM Transactions on Computer-Human Interaction, 28:6 (1-50). DOI: 10.1145/3469845. Online publication date: 23-Dec-2021
      • (2019) Of two minds about two-factor. Proceedings of the Fifteenth USENIX Conference on Usable Privacy and Security (339-356). DOI: 10.5555/3361476.3361501. Online publication date: 12-Aug-2019
      • (2019) FlexPass. Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems (1-6). DOI: 10.1145/3290607.3312951. Online publication date: 2-May-2019
      • (2018) SAW. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2:3 (1-29). DOI: 10.1145/3264935. Online publication date: 18-Sep-2018
