skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Toward Understanding Children’s Use and Understanding of User Authentication Systems: Work-in-Progress
Children’s use of computing devices has increased over the past 15 years, requiring age-appropriate user authentication systems. This paper details a research study which investigates continuous authentication systems that do not require user-initiated interactions as an accessible authentication model for not only children users, but users across different age groups, with specific application on personal computing devices.  more » « less
Award ID(s):
2039373
PAR ID:
10394636
Author(s) / Creator(s):
; ; ; ; ; ; ; ; ; ;
Date Published:
Journal Name:
USENIX Symposium on Usable Privacy and Security (SOUPS)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. (, Who Are You?! Adventures in Authentication Workshop)
    Password-based mobile user authentication is vulnerable to a variety of security threats. Shoulder-surfing is the key to those security threats. Despite a large body of research on password security with mobile devices, existing studies have focused on shaping the security behavior of mobile users by enhancing the strengths of user passwords or by establishing secure password composition policies. There is little understanding of how an attacker actually goes about observing the password of a target user. This study empirically examines attackers’ behaviors in observing passwordbased mobile user authentication sessions across the three observation attempts. It collects data through a longitudinal user study and analyzes the data collected through a system log. The results reveal several behavioral patterns of attackers. The findings suggest that attackers are strategic in deploying attacks of shoulder-surfing. The findings have implications for enhancing users’ password security and refining organizations’ password composition policies. 
    more » « less
  2. ; (, The 2025 ADMI Symposium.)
    As mobile devices become increasingly integral to daily life, the need for robust security measures has intensified. Continuous user authentication (CUA) is an emerging paradigm designed to enhance security by verifying user identity throughout device usage, rather than solely at login. This study aims to explore user perceptions, experiences, and preferences concerning CUA methods, such as biometric scans (e.g., fingerprints, facial recognition) and behavioral analytics (e.g., typing patterns, swipe gestures). We will investigate the importance users place on continuous authentication for safeguarding personal data, as well as the usability challenges they encounter. Specifically, we will delve into how users perceive the reliability and accuracy of biometric and behavioral authentication methods, considering factors such as the perceived invasiveness of biometric scans and concerns about data privacy. Additionally, we will examine how perceptions and preferences for CUA vary across different age groups, as younger generations may be more accustomed to biometric authentication and less concerned about privacy implications, while older generations may have different preferences and concerns. The findings of this study will provide insights into user trust, privacy concerns, and the overall effectiveness of CUA in improving mobile security. By understanding user attitudes, this research seeks to inform the development of more intuitive and secure authentication solutions that align with user needs and expectations across various demographics. 
    more » « less
  3. ; ; ; ; ; ; (, Proceedings of the 27th USENIX Security Symposium)
    Computing is transitioning from single-user devices to the Internet of Things (IoT), in which multiple users with complex social relationships interact with a single device. Currently deployed techniques fail to provide usable access-control specification or authentication in such settings. In this paper, we begin reenvisioning access control and authentication for the home IoT. We propose that access control focus on IoT capabilities (i. e., certain actions that devices can perform), rather than on a per-device granularity. In a 425-participant online user study, we find stark differences in participants’ desired access-control policies for different capabilities within a single device, as well as based on who is trying to use that capability. From these desired policies, we identify likely candidates for default policies. We also pinpoint necessary primitives for specifying more complex, yet desired, access-control policies. These primitives range from the time of day to the current location of users. Finally, we discuss the degree to which different authentication methods potentially support desired policies. 
    more » « less
  4. ; ; ; (, Proceedings of the Interactive Workshop on the Human Aspect of Smarthome Security and Privacy)
    Despite rapid advancements in authentication technologies, little user testing has been conducted on the various authentication methods proposed for smart homes. Users’ preferences about authentication methods may be affected by their beliefs in the reliability of the method, the type and location of devices for which they must authenticate, the effort required for successful authentication, and more. In this paper, we provide insight into users’ concerns with these methods through a 46-participant user study. In particular, we seek to understand users’ preferences towards different authentication methods in terms of the perceived security and usability implications of each method. 
    more » « less
  5. ; ; ; (, 3rd InternationalWorkshop on Bio-inspired Security, Trust, Assurance and Resilience co-located with 39th IEEE Symposium on Security and Privacy (IEEE S&P 2018))
    One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA), which relies on the sensor-based keystroke dynamics and the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. The acquired data is periodically and transparently compared with the registered profile of the initially logged-in user with one-way classifiers. With this, WACA continuously ensures that the current user is the user who logged-in initially. We implemented the WACA framework and evaluated its performance on real devices with real users. The empirical evaluation of WACA reveals that WACA is feasible and its error rate is as low as 1% with 30 seconds of processing time and 2 -3% for 20 seconds. The computational overhead is minimal. Furthermore, WACA is capable of identifying insider threats with very high accuracy (99.2%). 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email