Authentication has become an integral part of computer usage, but it still remains an interruptive step in people’s workflow. To authenticate to a computer, depending on the authentication method, users must exert mental effort (e.g., recall their password) and/or physical effort (e.g., type their password). These factors increase the cost of context switch for users – cost of switching attention from a primary task to the authentication step and back to the task – disrupting users’ workflow. Clinical staff have often told us they are frustrated by the need to repeatedly log into their clinical desktop computers – sometimes hundreds of times in a day.
In this paper, presented by David Kotz at Ubicomp’18 in Singapore, we propose Seamless Authentication using Wristbands (SAW). SAW is an authentication method designed to address this shortcoming of proximity-based authentication methods, and we do so by adding a quick low-effort user input step that explicitly captures user intentionality for authentication. In SAW, the user’s wristband (e.g., fitness tracker, smartwatch) acts as the user’s authentication token. Read more below, and in the paper.
Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, and David Kotz. SAW: Wristband-based authentication for desktop computers. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (Ubicomp), 2(3), September 2018. DOI 10.1145/3264935.
Abstract: Token-based proximity authentication methods that authenticate users based on physical proximity are effortless, but lack explicit user intentionality, which may result in accidental logins. For example, a user may get logged in when she is near a computer or just passing by, even if she does not intend to use that computer. Lack of user intentionality in proximity-based methods makes them less suitable for multi-user shared computer environments, despite their desired usability benefits over passwords.
We present an authentication method for desktops called Seamless Authentication using Wristbands (SAW), which addresses the lack of intentionality limitation of proximity-based methods. SAW uses a low-effort user input step for explicitly conveying user intentionality, while keeping the overall usability of the method better than password-based methods. In SAW, a user wears a wristband that acts as the user’s identity token, and to authenticate to a desktop, the user provides a low-effort input by tapping a key on the keyboard multiple times or wiggling the mouse with the wristband hand. This input to the desktop conveys that someone wishes to log in to the desktop, and SAW verifies the user who wishes to log in by confirming the user’s proximity and correlating the received keyboard or mouse inputs with the user’s wrist movement, as measured by the wristband. In our feasibility user study (n=17), SAW proved quick to authenticate (within two seconds), with a low false-negative rate of 2.5% and worst-case false-positive rate of 1.8%. In our user perception study (n=16), a majority of the participants rated it as more usable than passwords.