000000308 001__ 308
000000308 005__ 20150814024835.0
000000308 037__ $$aLERSSE-THESIS-2015-004
000000308 100__ $$aIvan Cherapau
000000308 245__ $$aTowards understanding how Touch ID impacts users’ authentication secrets selection for iPhone lock.
000000308 260__ $$c2015-03-08
000000308 300__ $$a85
000000308 520__ $$aSmartphones today store large amounts of data that can be confidential, private or sensitive. To protect such data, all mobile OSs have a phone lock mechanism, a mechanism that requires user authentication in order to access applications or data on the phone, while also allowing to keep data-at-rest encrypted with encryption key dependent on the authentication secret. Recently Apple has introduced Touch ID feature that allows to use a fingerprint-based authentication to unlock an iPhone. The intuition behind such technology was that its usability would motivate users to use stronger passwords for locking their devices without sacrificing usability substantially. To this date, it is not clear, however, if users take an advantage of Touch ID technology and if they, indeed, employ stronger authentication secrets. It is the main objective and the contribution of this work to fill this knowledge gap. In order to answer this question, we conducted three user studies (a) an in-person survey with 90 subjects, (b) an interview study with 21 participants, and (c) an online survey with 374 subjects. Overall we found that users do not take an advantage of Touch ID and use weak authentication secrets, mainly PIN-codes, similarly to those users who do not have Touch ID sensor on their devices. To our surprise, we found that more than 30% of subjects in each group did not know that they could use alphanumeric passwords instead of four digits PIN-codes. Others stated that they adopted PIN-codes due to better usability in comparison to passwords. Most of the subjects agreed that Touch ID, indeed, offers usability benefits such as convenience, speed and ease of use. Finally, we found that there is a disconnect between users desires for security that their passcodes have to offer and the reality. In particular, only 12% of participants correctly estimated the security PIN-codes provide while the rest had unjustified expectations.
000000308 6531_ $$aSmartphone
000000308 6531_ $$aSecurity
000000308 6531_ $$aiPhone
000000308 6531_ $$aTouch ID
000000308 6531_ $$aAuthentication
000000308 8560_ $$ficherapau@ece.ubc.ca
000000308 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/308/files/ubc_2015_september_cherapau_ivan.pdf
000000308 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/308/files/ubc_2015_september_cherapau_ivan.pdf?subformat=pdfa$$xpdfa
000000308 909C4 $$pLERSSE-THESIS-2015-003
000000308 980__ $$aTHESIS