Preliminary Findings from an Exploratory Qualitative Study of Security-Conscious Users of Mobile Authentication

Authentication on mobile devices is a research priority for the development of usable and trustworthy platforms. However, users may struggle to understand how to balance security and usability for the broad range of important data-driven social and financial transactions on their devices. This concern is especially prevalent in security information workers sensitized to mobile technology vulnerabilities by information about security risk. The purpose of this study is to better understand the mental models and practices of those security conscious users from academia, industry, and government, from an explorative qualitative approach, noting that mobile authentication studies have largely overlooked the mindset of users who have considered their behavior in terms of detailed knowledge of risk. A preliminary analysis of findings is presented in this paper. Participants described usability and situational impairment issues, and concern for data security arising from highly contextual combinations of technology and situational risk. Implications for development of security methods derived from these views are discussed, such as the need for authentication rigor to be driven by more contextualized understanding of task and location-based risk.