Using Personal Data to Support Authentication: User Attitudes and Suitability

Bonner, J., O'Hagan, J., Mathis, F., Ferguson, J. and Khamis, M. (2021) Using Personal Data to Support Authentication: User Attitudes and Suitability. In: 20th International Conference on Mobile and Ubiquitous Multimedia (MUM 2021), Leuven, Belgium, 5-8 Dec 2021, pp. 35-42. ISBN 9781450386432 (doi: 10.1145/3490632.3490644)

[img] Text
258320.pdf - Accepted Version

872kB

Abstract

Dynamic personal data based on a user’s activity, such as recent visited physical locations, browsing history, and call logs, update frequently, making it a promising token for user authentication. However, it is not clear how users perceive this use of personal data and which data types are most suitable for authentication. To investigate this, we conducted an online survey with N=100 participants. For 10 personal data types we asked participants about their comfort with this data for authentication, its perceived security, its impact on behaviour, who has access to it, how frequently it updates, and how memorable they perceive it to be. We found that participants were generally uncomfortable with personal data being used for authentication and, knowing their personal data is used, they may intentionally change their behaviour due to privacy concerns. We discuss the benefits and drawbacks of using personal data as a source of dynamic tokens to complement authentication and conclude with three learned lessons.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Bonner, Ms Jolie and Ferguson, Dr Jamie and O'Hagan, Mr Joseph and Mathis, Mr Florian and Khamis, Dr Mohamed
Authors: Bonner, J., O'Hagan, J., Mathis, F., Ferguson, J., and Khamis, M.
College/School:College of Science and Engineering > School of Computing Science
ISBN:9781450386432
Published Online:25 February 2022
Copyright Holders:Copyright © 2021 ACM
First Published:First published in MUM 2021: 20th International Conference on Mobile and Ubiquitous Multimedia p, 35-42
Publisher Policy:Reproduced in accordance with the publisher copyright policy

University Staff: Request a correction | Enlighten Editors: Update this record

Project CodeAward NoProject NamePrincipal InvestigatorFunder's NameFunder RefLead Dept
310627TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal ImagingMohamed KhamisEngineering and Physical Sciences Research Council (EPSRC)EP/V008870/1Computing Science
309501RSE EnterpriseMohamed KhamisThe Royal Society of Edinburgh (ROYSOCED)65040Computing Science