Goldilocks and the Two Mobile Devices: Going Beyond All-Or-Nothing Access to a Device’s Applications

Symposium On Usable Privacy and Security |

Published by ACM

Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all-or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users’ preferences. On both phones and tablets, participants wanted roughly half their applications to be available even when their device was locked and half protected by authentication. We also solicited participants’ interest in new access control mechanisms designed specifically to facilitate device sharing. ; Fourteen participantsa majority (14 out of 20) preferred these controls to existing security locks alone. Finally, we gauged participants’ interest in using face and voice biometrics to authenticate to their mobile phone and tablets; participants were surprisingly receptive to biometrics, given that they were also aware of security and reliability limitations.