On the Security and Usability Implications of Providing Multiple Authentication Choices on Smartphones: The More, the Better?

AbstractThe latest smartphones have started providing multiple authentication options including PINs, patterns, and passwords (knowledge based), as well as face, fingerprint, iris, and voice identification (biometric-based). In this article, we conducted two user studies to investigate how the convenience and security of unlocking phones are influenced by the provision of multiple authentication options. In a task-based user study with 52 participants, we analyze how participants choose an option to unlock their smartphone in daily life. The user study results demonstrate that providing multiple biometric-based authentication choices does not really influence convenience, because fingerprint had monopolistic dominance in the usage of unlock methods (111 of a total of 115 unlock trials that used a biometric-based authentication factor) due to users’ habitual behavior and fastness in unlocking phones. However, convenience was influenced by the provision of both knowledge-based and biometric-based authentication categories, as biometric-based authentication options were used in combination with knowledge-based authentication options—pattern was another frequently used unlock method. Our findings were confirmed and generalized through a follow-up survey with 327 participants. First, knowledge-based and biometric-based authentication options are used interchangeably. Second, providing multiple authentication options for knowledge-based authentication may influence convenience—both PINs (55.7%) and patterns (39.2%) are quite evenly used. Last, in contrast to knowledge-based authentication, providing multiple authentication choices for biometric-based authentication has less influence on choosing unlock options—fingerprint scanner is the most frequently used option (134 of 187 unlock methods used among biometric-based authentication options).