Using Personal Data to Support Authentication: User Attitudes and Suitability

Proceedings of the 20th International Conference on Mobile and Ubiquitous Multimedia Pub Date : 2021-05-12 DOI:10.1145/3490632.3490644

Jolie Bonner, Joseph O'Hagan, Florian Mathis, Jamie Ferguson, M. Khamis

{"title":"Using Personal Data to Support Authentication: User Attitudes and Suitability","authors":"Jolie Bonner, Joseph O'Hagan, Florian Mathis, Jamie Ferguson, M. Khamis","doi":"10.1145/3490632.3490644","DOIUrl":null,"url":null,"abstract":"Dynamic personal data based on a user’s activity, such as recent visited physical locations, browsing history, and call logs, update frequently, making it a promising token for user authentication. However, it is not clear how users perceive this use of personal data and which data types are most suitable for authentication. To investigate this, we conducted an online survey with N=100 participants. For 10 personal data types we asked participants about their comfort with this data for authentication, its perceived security, its impact on behaviour, who has access to it, how frequently it updates, and how memorable they perceive it to be. We found that participants were generally uncomfortable with personal data being used for authentication and, knowing their personal data is used, they may intentionally change their behaviour due to privacy concerns. We discuss the benefits and drawbacks of using personal data as a source of dynamic tokens to complement authentication and conclude with three learned lessons.","PeriodicalId":158762,"journal":{"name":"Proceedings of the 20th International Conference on Mobile and Ubiquitous Multimedia","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 20th International Conference on Mobile and Ubiquitous Multimedia","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3490632.3490644","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

Dynamic personal data based on a user’s activity, such as recent visited physical locations, browsing history, and call logs, update frequently, making it a promising token for user authentication. However, it is not clear how users perceive this use of personal data and which data types are most suitable for authentication. To investigate this, we conducted an online survey with N=100 participants. For 10 personal data types we asked participants about their comfort with this data for authentication, its perceived security, its impact on behaviour, who has access to it, how frequently it updates, and how memorable they perceive it to be. We found that participants were generally uncomfortable with personal data being used for authentication and, knowing their personal data is used, they may intentionally change their behaviour due to privacy concerns. We discuss the benefits and drawbacks of using personal data as a source of dynamic tokens to complement authentication and conclude with three learned lessons.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

使用个人数据支持身份验证:用户态度和适用性

基于用户活动的动态个人数据(如最近访问的物理位置、浏览历史记录和呼叫记录)经常更新，这使其成为一种很有希望用于用户身份验证的令牌。但是，目前尚不清楚用户如何看待个人数据的这种使用，以及哪种数据类型最适合进行身份验证。为了调查这一点，我们进行了一项在线调查，有N=100名参与者。对于10种个人数据类型，我们询问了参与者对身份验证数据的舒适度、感知到的安全性、对行为的影响、谁可以访问这些数据、更新的频率以及他们对这些数据的记忆程度。我们发现，参与者通常对使用个人数据进行身份验证感到不舒服，并且在知道他们的个人数据被使用后，他们可能会出于隐私考虑故意改变自己的行为。我们讨论了使用个人数据作为动态令牌的来源来补充身份验证的优点和缺点，并总结了三个经验教训。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 20th International Conference on Mobile and Ubiquitous Multimedia

自引率

0.00%

发文量