Related papers: User-to-PC Authentication Through Confirmation on Mobile Devices: On Usability and Performance

User-to-PC Authentication Through Confirmation on Mobile Devices: On Usability and Performance

URL: http://arxiv.org/abs/2507.09190v1
Date: Sat, 12 Jul 2025 08:17:59 GMT
Title: User-to-PC Authentication Through Confirmation on Mobile Devices: On Usability and Performance
Authors: Andreas Pramendorfer, Rainhard Dieter Findling,
Abstract summary: We utilize a token-based passwordless approach where users authenticate to their PC by confirming the authentication request on their smartphones or smartwatches.<n>We evaluate button tap and biometric fingerprint verification as confirmation variants, and compare their authentication duration, success rate, and usability to traditional password-based authentication.
Score: 0.0
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Protecting personal computers (PCs) from unauthorized access typically relies on password authentication, which is know to suffer from cognitive burden and weak credentials. As many users nowadays carry mobile devices with advanced security features throughout their day, there is an opportunity to leverage these devices to improve authentication to PCs. In this paper we utilize a token-based passwordless approach where users authenticate to their PC by confirming the authentication request on their smartphones or smartwatches. Upon a request to login to the PC, or to evaluate privileges, the PC issues an authentication request that users receive on their mobile devices, where users can confirm or deny the request. We evaluate button tap and biometric fingerprint verification as confirmation variants, and compare their authentication duration, success rate, and usability to traditional password-based authentication in a user study with 30 participants and a total of 1,200 authentication attempts. Smartwatch-based authentication outperformed password-based authentication and smartphone-based variants in authentication duration, while showing comparable success rates. Participants rated smartwatch-based authentication highest in usability, followed by password-based authentication and smartphone-based authentication.

Related papers

Are Users More Willing to Use Formally Verified Password Managers? [47.205801464292485]
We design and implement two experiments to understand how formal verification impacts users.<n>We focus on the application domain of password managers since it has been documented that the lack of trust in password managers might lead to lower adoption.<n>We conclude that formal verification is seen as desirable by users and identify three actional recommendations to improve formal verification communication efforts.
arXiv Detail & Related papers (2025-04-02T20:57:49Z)
2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities.<n>This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users.<n>An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z)
An Alternative to Multi-Factor Authentication with a Triple-Identity Authentication Scheme [0.0]
A dual-password login-authentication system has two entry points (i.e., username and password fields) to interact with the outside. No identifiers can be defined for the username and password without using any personal information. A triple-identity authentication is established, the key of which is that the readily available user's login name and password are randomly converted into a matrix of meaningless hash elements.
arXiv Detail & Related papers (2024-07-28T10:27:35Z)
Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain. We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z)
Good Vibes! Towards Phone-to-User Authentication Through Wristwatch Vibrations [0.0]
We present GoodVibes authentication, a variant of mobile device-to-user authentication, where the user's phone authenticates to the user through their wristwatch vibrating in their pre-selected authentication vibration pattern. We implement GoodVibes authentication as an Android prototype, evaluate different authentication scenarios with 30 participants, and find users to be able to well recognize and distinguish their authentication vibration pattern from different patters, from unrelated vibrations, and from the pattern being absent.
arXiv Detail & Related papers (2024-06-03T18:59:52Z)
Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts [0.0]
This paper presents a study on the account settings of Google and Apple users. Considering the multi-factor authentication configuration and recovery options, we analyzed the account security and lock-out risks. Our results provide insights into the usage of multi-factor authentication in practice, show significant security differences between Google and Apple accounts, and reveal that many users would miss access to their accounts when losing a single authentication device.
arXiv Detail & Related papers (2024-03-22T10:05:37Z)
A Novel Protocol Using Captive Portals for FIDO2 Network Authentication [45.84205238554709]
We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol. We develop a prototype of FIDO2CAP authentication in a mock scenario. This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
arXiv Detail & Related papers (2024-02-20T09:55:20Z)
Reducing Usefulness of Stolen Credentials in SSO Contexts [0.0]
Multi-factor authentication (MFA) helps to thwart attacks that use valid credentials, but attackers still commonly breach systems by tricking users into accepting MFA step up requests. This paper proposes a token-based enrollment architecture that is less invasive to user devices than mobile device management.
arXiv Detail & Related papers (2024-01-21T21:05:32Z)
Leveraging Machine Learning for Wi-Fi-based Environmental Continuous Two-Factor Authentication [0.44998333629984877]
We present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML) Our system exploits unique environmental features associated with the user, such as beacon frame characteristics and Received Signal Strength Indicator ( RSSI) values from Wi-Fi Access Points (APs) For enhanced security, our system mandates that the user's two devices (i.e., a login device and a mobile device) be situated within a predetermined proximity before granting access.
arXiv Detail & Related papers (2024-01-12T14:58:15Z)
Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification. The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z)
On-line signature verification using Tablet PC [61.81926091202142]
The on-line signature verification algorithm is adapted to work in Tablet PC environments. Two different commercial Tablet PCs are evaluated. Authentication performance experiments are reported considering both random and skilled forgeries.
arXiv Detail & Related papers (2022-10-20T09:59:28Z)
Multimodal Personal Ear Authentication Using Smartphones [0.0]
fingerprint authentication cannot be used when hands are wet, and face recognition cannot be used when a person is wearing a mask. We examine a personal authentication system using the pinna as a new approach for biometric authentication on smartphones.
arXiv Detail & Related papers (2021-03-23T14:19:15Z)

This list is automatically generated from the titles and abstracts of the papers in this site.