On the Usability of Next-Generation Authentication: A Study on Eye Movement and Brainwave-based Mechanisms

Matin Fallahi, Patricia Arias Cabarcos, Thorsten Strufe

TL;DR

The study assesses the usability of next-generation biometric authentication based on brainwaves and eye movements using a high-fidelity, ecologically valid prototype setup (n=32). Through SUS-based usability testing and qualitative feedback, it finds generally strong usability for both modalities, with brainwave schemes viewed as more secure yet more privacy-invasive and effort-intensive. The authors identify privacy, interface design, and verification time as key improvement areas and provide design recommendations and a blueprint prototype framework for researchers and developers. Overall, the work demonstrates the viability of behavioral biometrics in everyday authentication while outlining practical considerations to boost acceptance and safety in real-world deployments.

Abstract

Passwords remain a widely used authentication mechanism, despite their well-known security and usability limitations. To improve on this situation, next-generation authentication mechanisms based on behavioral biometric factors, such as eye movement and brainwaves, have emerged. However, their usability remains relatively under-explored. To fill this gap, we conducted an empirical user study (n=32 participants) to evaluate three brain-based and three eye-based authentication mechanisms, using both qualitative and quantitative methods. Our findings show good overall usability according to the System Usability Scale for both categories of mechanisms, with average SUS scores in the range of 78.6-79.6 and the best mechanisms rated with an "excellent" score. Participants particularly identified brainwave authentication as more secure yet more privacy-invasive and effort-intensive compared to eye movement authentication. However, the significant number of neutral responses indicates participants' need for more detailed information about the security and privacy implications of these authentication methods. Building on the collected evidence, we identify three key areas for improvement: privacy, authentication interface design, and verification time. We offer recommendations for designers and developers to improve the usability and security of next-generation authentication mechanisms.

Paper Structure (29 sections, 11 figures, 6 tables)

This paper contains 29 sections, 11 figures, 6 tables.

Figures (11)

  • Figure 1: Left: Participant wearing the Emotiv EPOC X neuroheadset while using our news website that required brainwave-based user authentication. Right: Interface screenshots of the authentication prototypes: A) Eye movement-Reading, B) Eye movement-Slideshow, C) Eye movement-Dot, D) Brainwaves-Reading, E) Brainwaves-Slideshow, and F) Brainwaves-Face.
  • Figure 2: Detailed Experiment Process Flowchart. This figure illustrates the sequence of steps each participant follows in the study. Initially, participants sign a consent form, followed by a random assignment to one of the two authentication modalities: brainwave or eye movement. Subsequently, they undergo three separate enrollment and verification processes, each corresponding to one of the three authentication tasks within their assigned modality. After each task, participants are required to complete a short survey, making a total of three survey completions. The process concludes with a debriefing session and provision of compensation.
  • Figure 3: System Usability Scale (SUS) mean scores for Brainwave-based and Eyetracking-based authentication mechanisms. (*SD: Standard deviation)
  • Figure 4: The plot displays the ranking percentages for each authentication task.
  • Figure 5: Subject perceptions on authentication scheme attributes for eye movement (left) and brainwave-based (right) mechanisms. Participants assessed: perceived Benefits ("In my opinion, the effort exceeds the gained benefits for this authentication scheme."), Reliability ("I think the use of this authentication scheme generally causes no problems."), Security ("I think this authentication scheme is very secure, that is, it protects me against attacks"), Privacy concerns ("I have concerns to disclose eyegaze/brainwaves data for usage of an authentication scheme."), and Effort ("How do you rate the effort for using this authentication scheme?").
  • ...and 6 more figures