Ubicomp devices, such as smart phones and smart watches, allow sensitive information to be accessed anytime, anywhere. Such information include personal information on the devices themselves (personal images, tracking data, etc.) but also information that is stored in the cloud. The ever-increasing number of technologies create both opportunities and challenges: personal, and in particular wearable devices, allow data to be collected and accessed in novel contexts, thus providing the user with valuable, context-based services of information on his well-being. In contrast, new sensing technologies, including but not limited to eye trackers and thermal cameras, also enable novel forms of attacking authentication mechanisms meant to protect such data.
At the same time, the way we interact with ubicomp devices is constantly changing. While until the advent of the PC and the Internet authentication mechanisms based on login and password were used to protect only very few devices, such as the user’s workstation, as well as to authenticate a few times per day (in the morning, after lunch, after the coffee break), the way we interact with technology today is considerably different and likely to further change in the future. Today, users protect data accessible through on average 80 online accounts with on average 20 passwords. Considering the smartphone alone, users authenticate more than 200 times per day. This creates a need to fundamentally rethink how we design for security in general and for authentication in particular. On one hand, there is a need to design mechanisms that better blend with the user’s daily activities (usability). On the other hand, authentication mechanisms need to be able and cope with threats that arise from the advent of new sensing technologies (security).
Publications
Yasmeen Abdrabou, Johannes Schütte, Ahmed Shams, Ken Pfeuffer, Daniel Buschek, Mohamed Khamis und Florian Alt. Your Eyes Say You Have Used This Password Before": Identifying Password Reuse from Gaze Behavior and Keystroke Dynamics In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems. CHI ‘22. Association for Computing Machinery, New York, NY, USA. [Download Bibtex] | ||
Sarah Prange, Sarah Delgado Rodriguez, Timo Döding und Florian Alt. "Where did you first meet the owner?” – Exploring Usable Authentication for Smart Home Visitors. In Extended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems. CHI EA ’22. Association for Computing Machinery, New York, NY, USA. [Download Bibtex] [Video] | ||
Andreas Renz, Matthias Baldauf, Edith Maier und Florian Alt. Alexa, It’s Me! An Online Survey on the User Experience of Smart Speaker Authentication. In Proceedings of the Conference on Mensch Und Computer. MuC '22. Association for Computing Machinery, New York, NY, USA. [Download Bibtex] | ||
Florian Alt und Stefan Schneegass. Beyond Passwords—Challenges and Opportunities of Future Authentication. [Download Bibtex] | ||
Sarah Prange, Lukas Mecke, Alice Nguyen, Mohamed Khamis und Florian Alt. Don't Use Fingerprint, it's Raining! How People Use and Perceive Context-Aware Selection of Mobile Authentication. In Proceedings of the 2020 International Conference on Advanced Visual Interfaces. AVI'20. Association for Computing Machinery, New York, NY, USA. [Download Bibtex] | ||
Lukas Mecke, Sarah Delgado Rodriguez, Daniel Buschek, Sarah Prange und Florian Alt. Communicating Device Confidence Level and Upcoming Re-Authentications in Continuous Authentication Systems on Mobile Devices. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA. [Download Bibtex] [Video] | ||
Lukas Mecke, Ken Pfeuffer, Sarah Prange und Florian Alt. Open Sesame!: User Perception of Physical, Biometric, and Behavioural Authentication Concepts to Open Doors. In Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia. MUM'18. ACM, New York, NY, USA. [Download Bibtex] | ||
Yomna Abdelrahman and Mohamed Khamis and Stefan Schneegass and Florian Alt. Stay Cool! Understanding Thermal Attacks on Mobile-based User Authentication. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, Denver, CO, USA, May 06-11, 2017.. [Download Bibtex] | ||
Mohamed Khamis, Regina Hasholzner, Andreas Bulling und Florian Alt. GTmoPass: Two-factor Authentication on Public Displays Using GazeTouch passwords and Personal Mobile Devices. In Proceedings of the 6th International Symposium on Pervasive Displays. PerDis '17. ACM, New York, NY, USA. [Download Bibtex] | ||
Ceenu George, Mohamed Khamis, Marinus Burger, Henri Schmidt, Florian Alt und Heinrich Hussmann. Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality. In Proceedings of the Usable Security Mini Conference 2017. Internet Society, San Diego, CA, USA. [Download Bibtex] | ||
Florian Alt, Stefan Schneegass, Alireza Sahami Shirazi, Mariam Hassib und Andreas Bulling. Graphical Passwords in the Wild: Understanding How Users Choose Pictures and Passwords in Image-based Authentication Schemes. In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services. MobileHCI '15. ACM, New York, NY, USA. [Download Bibtex] | ||
Stefan Schneegass, Frank Steimle, Andreas Bulling, Florian Alt und Albrecht Schmidt. SmudgeSafe: Geometric Image Transformations for Smudge-resistant User Authentication. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing. UbiComp '14. ACM, New York, NY, USA. [Download Bibtex] | ||
Andreas Bulling, Florian Alt und Albrecht Schmidt. Increasing The Security Of Gaze-Based Cued-Recall Graphical Passwords Using Saliency Masks. In Proceedings of the 2012 ACM Annual Conference on Human Factors in Computing Systems. CHI'12. ACM, New York, NY, USA. [Download Bibtex] |