Although passwords are a necessary part of living in a digital age, they're often either hard to remember or easy to crack. Passwords are usually inefficient and ineffective, and yet we use them to protect our most private of information — including our bank accounts, email, computers, utility bills, and yes, even our Facebook profiles. Surely there must be a better way to protect our data.
The technology for better security does exist in the form of fingerprint and eye and face recognition methods. But these biometric security systems still have not gone mainstream? Why?
Engineers at the University of Washington are trying to figure that out. In a recent study, they determined that the users' experience could be the key to creating a system that no longer relies on those annoying text-based passwords. "How humans interact with biometric devices is critically important for their future success," said Cecilia Aragon, a UW associate professor. "This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it require that it be efficient and accurate, but also something that people trust, accept and don’t get frustrated with."
Basically, as it stands, biometrics are just not user-friendly. Think of your average Facebook user — would they understand how to use something so technologically advanced? Aragon believes that eye and face recognition systems have not taken off because the user's experience isn't factored into the design. Her research team found that speed, accuracy and choice of error messages were all critical for the success of an eye-tracking system.
But the team took their research a step further. Collaborating with Oleg Komogortsev at Texas State University, they developed a new biometric authentication technique that uses eye-tracking to identify people. Subjects were run through several types of authentication involving a simulated exercise of withdrawing money from an ATM. Three types of authentication were presented: the standard four-number pin, a target-based game that tracked a person's gaze, and a reading exercise that followed how a user's eyes moved past each word. Researchers measured how long each exercise took, as well as how often the system needed to recalibrate.
Feedback was also requested from the subjects. Most said that they did not trust the standard push-button PIN used in most ATM's and assumed that the more advanced technologies offered the best security. However, when authentication failed — deliberately caused by the research team — the subjects lost faith in the eye-tracking systems. The researchers suggest that future eye-tracking technology should give clear error messages or directions on how users should proceed in such real-world situations.
“The error messages we provided and the feedback we gave were really important for making it usable," said Michael Brooks, a UW doctoral student in human centered design and engineering. "It would have been difficult to design these prototypes without getting feedback from users early on."
Although the standard PIN did not feel secure to users, it still won the trials for its speed and user-friendliness. However, the dot targeting exercise also scored high among users and did not take as long as the reading exercise. This game-like option could be a good model for future versions of eye-tracking authentication, Brooks stated.