Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens (1605.03478v1)

Abstract: Security and usability issues with passwords suggest a need for a new authentication scheme. Several alternatives involve a physical device or token. We investigate one such alternative, Pico: an authentication scheme that utilizes multiple wearable devices. We present the grounded theory results of a series of semi-structured interviews for exploring perceptions of this scheme. We found that the idea of carrying physical devices increases perceived personal responsibility for secure authentication, making the risks and inconvenience associated with loss and theft salient for participants. Although our work is focused on Pico, the results of the study contribute to a broader understanding of user perception and concerns of responsibility for any token-based authentication schemes.