Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

3-2014

Abstract

Usability is an important aspect of security, because poor usability motivates users to find shortcuts that bypass the system. Existing studies on keystroke biometrics evaluate the usability issue in terms of the average false rejection rate (FRR). We show in this paper that such an approach underestimates the user impact in two ways. First, the FRR of keystroke biometrics changes for the worse under a range of common conditions such as background music, exercise and even game playing. In a user study involving 111 participants, the average penalties (increases) in FRR are 0.0360 and 0.0498, respectively, for two different classifiers. Second, presenting the FRR as an average obscures the fact that not everyone is suitable for keystroke biometrics deployment. For example, using a Monte Carlo simulation, we found that 30% of users would encounter an account lockout before their 50th authentication session (given a lockout policy of 3 attempts) if they are affected by external influences 50% of the time when authenticating.

Keywords

authentication, human factors, keystroker biometrics

Discipline

Information Security

Research Areas

Cybersecurity

Publication

CODASPY '14: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy: March 3-5, San Antonio, TX

First Page

289

Last Page

296

ISBN

9781450322782

Identifier

10.1145/2557547.2557573

Publisher

ACM

City or Country

New York

Embargo Period

3-23-2022

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1145/2557547.2557573

Share

COinS