Use Your Words: Designing One-time Pairing Codes to Improve User Experience

@article{Wiseman2016UseYW,
  title={Use Your Words: Designing One-time Pairing Codes to Improve User Experience},
  author={Sarah Wiseman and Gustavo Soto Mino and Anna Louise Cox and Sandy Gould and Joanne Moore and Chris Needham},
  journal={Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems},
  year={2016}
}
The Internet of Things is connecting an ever-increasing number of devices. These devices often require access to personal information, but their meagre user interfaces usually do not permit traditional modes of authentication. On such devices, one-time pairing codes are often used instead. This pairing process can involve transcribing randomly generated alphanumeric codes, which can be frustrating, slow and error-prone. In this paper, we present an improved pairing method that uses sets of… 

User-friendly Manual Transfer of Authenticated Online Banking Transaction Data - A Case Study that Applies the What You Enter Is What You Sign Transaction Authorization Information Scheme
TLDR
This proposal shows that mundane tasks for the user in online banking can be automated, which improves both security and usability.
Survey of Authentication and Authorization for the Internet of Things
TLDR
This paper provides a survey of existing research applicable to the Internet of Things environment at the application layer in the areas of identity management, authentication, and authorization.

References

SHOWING 1-10 OF 29 REFERENCES
Serial hook-ups: a comparative usability study of secure device pairing methods
TLDR
Results of the first comprehensive and comparative study of eleven notable secure device pairing methods are presented and problematic methods for certain classes of users as well as methods best-suited for various device configurations are identified.
Usability Analysis of Secure Pairing Methods
TLDR
A comparative usability evaluation of selected methods is carried out to derive some insights into the usability and security of these methods as well as strategies for implementing them.
Secure and Usable Out-Of-Band Channels for Ad Hoc Mobile Device Interactions
TLDR
The results show that, in contrast to previous proposals, the methods for transferring fingerprints between devices are both usable and resistant to security failures.
Efficient Device Pairing Using "Human-Comparable" Synchronized Audiovisual Patterns
TLDR
A new pairing scheme that is universally applicable to any pair of devices, supporting all possible pairing scenarios, and is based upon the device user(s) comparing short and simple synchronized audiovisual patterns, such as in the form of "beeping" and "blinking".
Usability and security of out-of-band channels in secure device pairing protocols
TLDR
The findings show that the traditional methods of comparing and typing short strings into mobile devices are still preferable despite claims that new methods are more usable and secure, and that user interface design alone is not sufficient in mitigating human mistakes in OOB channels.
The true cost of unusable password policies: password use in the wild
TLDR
A study which re-examined password policies and password practice in the workplace today finds that users are in general concerned to maintain security, but existing security policies are too inflexible to match their capabilities, and the tasks and contexts in which they operate.
Talking to Strangers: Authentication in Ad-Hoc Wireless Networks
TLDR
This paper presents a user-friendly solution, which provides secure authentication using almost any established public-key-based key exchange protocol, as well as inexpensive hash-based alternatives, over the wireless link.
Hash Visualization: a New Technique to improve Real-World Security
TLDR
This paper considers two human limitations: First, people are slow and unreliable when comparing meaningless strings; and second, people have difficulty in remembering strong passwords or PINs, and identifies two applications where these human factors negatively affect security: Validation of root keys in public-key infrastructures, and user authentication.
Distinct word length frequencies: distributions and symbol entropies
TLDR
The distribution of frequency counts of distinct words by length in a language's vocabulary will be analyzed using two methods and it will be shown how these techniques can also be applied to estimate higher order entropies using vocabulary word length.
Users are not the enemy
TLDR
It is argued that to change this state of affairs, security departments need to communicate more with users, and adopt a user-centered design approach.