Usability and Security Perceptions of Implicit Authentication: Convenient, Secure, Sometimes Annoying

Implicit authentication (IA) uses behavioural biometrics to provide continuous authentication on smartphones. IA has been advocated as more usable when compared to traditional explicit authentication schemes, albeit with some security limitations. Consequently researchers have proposed that IA provides a middle-ground for people who do not use traditional authentication due to its usability limitations or as a second line of defence for users who already use authentication. However, there is a lack of empirical evidence that establishes the usability superiority of IA and its security perceptions. We report on the first extensive two-part study (n = 37) consisting of a controlled lab experiment and a field study to gain insights into usability and security perceptions of IA. Our findings indicate that 91% of participants found IA to be convenient (26% more than the explicit authentication schemes tested) and 81% perceived the provided level of protection to be satisfactory. While this is encouraging, false rejects with IA were a source of annoyance for 35% of the participants and false accepts and detection delay were prime security concerns for 27% and 22% of the participants, respectively. We point out these and other barriers to the adoption of IA and suggest directions to overcome them.