Eiji Hayashi, Oriana Riva, Karin Strauss, A.J. Bernheim Brush, and Stuart Schechter

Symposium On Usable Privacy and Security (SOUPS)

January 2012

Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all- or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users’ preferences. On both phones and tablets, participants wanted roughly half their applications to be available even when their device was locked and half protected by authentication. We also solicited participants’ interest in new access control mechanisms designed specifically to facilitate device sharing. Fourteen participants out of 20 preferred these controls to existing security locks alone. Finally, we gauged participants’ interest in using face and voice biometrics to authenticate to their mobile phone and tablets; participants were surprisingly receptive to biometrics, given that they were also aware of security and reliability limitations.

access control, mobile, smartphone, usable privacy and security