Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens
This research addresses usability and security issues in authentication for users, but it is incremental as it builds on existing token-based schemes.
The study investigated user perceptions of the Pico authentication scheme, which uses multiple wearable devices, finding that carrying physical tokens increases perceived personal responsibility for security and highlights risks like loss and theft.
Security and usability issues with passwords suggest a need for a new authentication scheme. Several alternatives involve a physical device or token. We investigate one such alternative, Pico: an authentication scheme that utilizes multiple wearable devices. We present the grounded theory results of a series of semi-structured interviews for exploring perceptions of this scheme. We found that the idea of carrying physical devices increases perceived personal responsibility for secure authentication, making the risks and inconvenience associated with loss and theft salient for participants. Although our work is focused on Pico, the results of the study contribute to a broader understanding of user perception and concerns of responsibility for any token-based authentication schemes.