passwords, proportionality, security

Interesting usability research out of the University of Washington

Read the whole thing; it’s good. My little quibbles after the quote are meant to reinforce the general point of the research which is “if people won’t use it, it won’t work (and vice versa).” The importance of research is the attempt to identify and quantify, and therefore perhaps predict, how much people will endure before they throw their hands up in the air and quit on the technology.

Technology to Replace Passwords Fails User Tests (PsychCentral)

University of Washington engineers are trying to figure out why fingerprint- and eye- and face-recognition authentication technology have not gone mainstream. They found in a recent study that the user’s experience could be key to creating a system that doesn’t rely on passwords.

“How humans interact with biometric devices is critically important for their future success,” said lead researcher Cecilia Aragon, Ph.D., a UW associate professor of human-centered design and engineering.

“This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it require that it be efficient and accurate, but also something that people trust, accept and don’t get frustrated with.”

So true, but hardly new. Security is, and always has been, a socio-technical system. We’ve all seen a waste basket used to keep a self-locking door propped open. If the security measure is disproportionate to the cost of a security breach, people will reject the system. Thoughtful security planners have always known this and it’s why one of our mantras around here is “biometrics is about people.”

Passwords are also likely to be around for a long, long time, but if biometrics could displace passwords in certain cases and allow for simpler passwords in other cases, that’s a big advance. Where simple passwords (PIN’s) are sufficient today, biometrics should be able to displace them altogether. Where increasingly complex passwords are required today, applying biometrics should allow for simpler passwords such as 4-digit PIN’s.

That’s nothing to sneeze at.

Previous ArticleNext Article
Translate »