Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens

TL;DR

This paper explores user perceptions of wearable token-based authentication, highlighting increased responsibility and concerns about loss, which influence acceptance and usability of security tokens.

Contribution

It introduces grounded theory insights into user perceptions of wearable security tokens, emphasizing responsibility and risk awareness, which are crucial for designing user-friendly authentication schemes.

Findings

Carrying physical devices increases perceived responsibility.

Users are concerned about risks of loss and theft.

Responsibility perception impacts token acceptance.

Abstract

Security and usability issues with passwords suggest a need for a new authentication scheme. Several alternatives involve a physical device or token. We investigate one such alternative, Pico: an authentication scheme that utilizes multiple wearable devices. We present the grounded theory results of a series of semi-structured interviews for exploring perceptions of this scheme. We found that the idea of carrying physical devices increases perceived personal responsibility for secure authentication, making the risks and inconvenience associated with loss and theft salient for participants. Although our work is focused on Pico, the results of the study contribute to a broader understanding of user perception and concerns of responsibility for any token-based authentication schemes.