NRXR-ID: Two-Factor Authentication (2FA) in VR Using Near-Range Extended Reality and Smartphones

TL;DR

This paper introduces NRXR-ID, a novel 2FA method for VR that enables users to authenticate via smartphones without removing their headsets, using various challenge types tested in a user study.

Contribution

The paper presents a new 2FA technique for VR integrating smartphones and extended reality, including a novel checkers-style challenge and evaluation of multiple challenge configurations.

Findings

Checkers-style challenge was most effective.

Smartphone-based PIN entry was feasible within VR.

Participants found the checkers challenge intuitive.

Abstract

Two-factor authentication (2FA) has become widely adopted as an efficient and secure way to validate someone's identity online. Two-factor authentication is difficult in virtual reality (VR) because users are usually wearing a head-mounted display (HMD) which does not allow them to see their real-world surroundings. We present NRXR-ID, a technique to implement two-factor authentication while using extended reality systems and smartphones. The proposed method allows users to complete an authentication challenge using their smartphones without removing their HMD. We performed a user study where we explored four types of challenges for users, including a novel checkers-style challenge. Users responded to these challenges under three different configurations, including a technique that uses the smartphone to support gaze-based selection without the use of VR controllers. A 4X3 within-subjects design allowed us to study all the variations proposed. We collected performance metrics and performed user experience questionnaires to collect subjective impressions from 30 participants. Results suggest that the checkers-style visual matching challenge was the most appropriate option, followed by entering a digital PIN challenge submitted via the smartphone and answered within the VR environment.