Blog Team Design Prototypes Why Continuous Authentication

Post-Kickoff - Go!

After kickoff, we had to start drilling into our research plan and what methods may cater best to each research question or hypothesis. This provided to be too difficult with such a wide ranging topic, so we broke down the problem space into various areas. Grace had this great environmental map she drew that ended up being a great starting place to situate our various questions. This also helped us break away from the specific technologies and focus on questions and get to Problems and Challenges.

  • How do consumers perceive and use biometric and sensor-based authentication currently?
  • What is the relationship between transparency, opacity and user adoption?
  • When is opacity okay for consumers versus transparency?

We then arranged some challenges on a gradient between Consumer focus to Merchant focus. This also gave rise to emotive and convenience gradients around transactions and authentication. Creepy vs. Friendly, Convenience vs. Extreme Pain, and Transparency vs. Opacity all became frameworks against which to test our findings against.

Transparency vs. Opacity was a hot button topic. What we meant by this metric was: how much information does the technology share about how it's working, or what data it's collecting, with the user? That lead us to an interesting question: At what point do consumers care if a technology is opaque or transparent? The team had differing views, some thought it was always better to be transparent, but others had examples of opaque technologies, that if they work well enough, may not need to be communicated to the end user. Tokenization and ML were two examples we discussed. There will certainly be more research along this path.

Prototyping

We wanted to jump into prototyping and Aroon whipped up an Android app (!) that logs sensor data. After putting this on a couple peoples’ devices, we may be able to see how much of a difference there is between how people hold their devices while using them, and use a basic ML algorithm to categorize or “authenticate” who is on the device.

A paper from 2012 (link paper here) noted a major downside with continual authentication where the researchers found it may take up to 10 minutes of another person using the device (e.g. someone just stole your smartphone) before the system realizes the user has swapped. We plan on continuing with prototypes like this throughout the early research phase.

whiteboard shots from Grace’s environmental chart and the Quadrants