Abstract

Due to the frequency with which smartphone owners use their devices, effortful authentication methods such as passwords and PINs are not an effective choice for smartphone authentication. Past research has offered solutions such as graphical passwords, biometrics and password hardening techniques. However, these solutions still require the user to authenticate frequently, which may become increasingly frustrating over time. Transparent authentication has been suggested as an alternative to such effortful solutions. It utilizes readily available behavioral biometrics to provide a method that runs in the background without requiring explicit user interaction. In this manner, transparent authentication delivers a less effortful solution with which the owner does not need to engage as frequently. We expand the current research into transparent authentication by surveying the user, an important stakeholder, regarding their opinions towards transparent authentication on a smartphone. We asked 30 participants to complete a series of tasks on a smartphone that was ostensibly protected with varying degrees of transparent authentication. We then surveyed participants regarding their opinions of transparent authentication, their opinions of the sensitivity of tasks and data on smartphones, and their perception of the level of protection provided to the data and apps on the device. We found that 90% of those surveyed would consider using transparent authentication on their mobile device should it become available. Furthermore, participants had widely varying opinions of the sensitivity of the experiment’s tasks, showing that a more granular method of smartphone security is justified. Interestingly, we found that the complete removal of security barriers, which is commonly cited as a goal in authentication research, does not align with the opinions of our participants. 
Instead, we found that having a few barriers to device and data access aided the user in building a mental model of the on-device security provided by transparent authentication. These results provide a valuable understanding to inform development of transparent authentication on smartphones since they provide a glimpse into the needs and wants of the end user.

Highlights

  • The popularity of mobile devices is undeniable.

  • Karatzouni et al. have expanded upon the work of Clarke et al. to assess user opinions of both current authentication methods and transparent methods [37]. They found that users envisage a need for increased security on mobile devices due to the nature of the data kept on them, and that biometrics and transparent authentication were feasible replacements for traditional authentication methods. These results show that user privacy, and how they perceive the risks to their personal information, is an important consideration in deploying a transparent authentication method.

  • Conclusions and future work: Mobile devices represent a unique environment that is not well-suited to repeated entry of secret knowledge-based authentication methods.


Summary

Introduction

The popularity of mobile devices is undeniable. According to the International Data Corporation (IDC), more smartphones were sold in 2012 than desktop and laptop computers combined [1]. As a result of their increased (and increasing) functionality, smartphones are able to access and store personally identifying information. Private data such as medical details, sensitive business information, personal pictures and voicemails have been recovered from mobile devices, despite being deleted [2]. The availability of development tools that support password use is bolstered by corporate policies that mandate password use on mobile devices that store or access corporate information, despite studies that have shown that these policies can produce passwords that are less secure than expected [15]. Such policies often dictate the length and required characters in a password, but do not allow for alternative authentication methods. Identifying the issues and limitations of passwords with respect to mobile devices may provide information for corporations, enabling updates to their corporate policies to include authentication alternatives.
