Designing Better Biometric Identification Systems
July 17, 2013

Biometric Security Systems Could Replace Passwords If Made More User-Friendly

redOrbit Staff & Wire Reports - Your Universe Online

Personal experience and preferences may help explain why fingerprint, eye- and face-recognition technologies have not yet replaced traditional passwords, University of Washington researchers reported on Tuesday in one of the first studies to examine the issue of authentication preferences.

Despite their inefficiencies, passwords are still the most common electronic authentication system in use today, protecting everything from our bank accounts, emails, health information, utility bills, social networking accounts and other private information.

The University of Washington engineers wanted to figure out why this was so, and examine why biometric security systems have not yet gone mainstream.

"How humans interact with biometric devices is critically important for their future success," said study leader Cecilia Aragon, a UW associate professor of human centered design and engineering.

"This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it require that it be efficient and accurate, but also something that people trust, accept and don't get frustrated with," she said.

Aragon and her team collaborated with Oleg Komogortsev at Texas State University to develop a new biometric authentication technique that identifies people based on their eye movements.

Eye-tracking technology uses infrared light and cameras. The light reflects off the surface of the eyeball back to the camera when a user's eye is following a dot or words on a screen. The tracking device then picks up the unique way each person's eye moves.

"The goal of eye-tracking signatures is to enable inexpensive cameras instead of specialized eye-tracking hardware," Aragon said.

"This system can be used by basically any technology that has a camera, even a low-quality webcam."

The researchers began the study by running participants through several types of authentication, and asking for feedback on the usability and perceived security of each.

The participants were asked to make a simulated ATM withdrawal using a lookalike prototype device that employed three types of authentication: a standard four-digit PIN, a target-based game that tracked a person's gaze, and a reading exercise that followed how a user's eyes move past each word. With each, researchers measured how long it took and how often the system had to recalibrate.

The ATM scenario was chosen because it is something familiar to most people, and many of the machines already have a basic security camera installed.

When interviewed after the simulated withdrawal, most of the study participants said they didn't trust the standard push-button PIN used in most ATMs, and assumed the more advanced technologies would offer the best security. However, when the eye-tracking authentication failed - something the researchers deliberately made happen during one trial - participants lost faith in the newer technology.

This shows that future eye-tracking technology should give clear error messages or directions on how users should proceed if they get off track, the researchers said.

Of the three types of authentication, the standard PIN system was preferred by participants for its speed and user-friendliness, although the dot targeting exercise also scored high and didn't take nearly as long as the reading exercise.

Such a game-like option could be a model for future versions of the device, the researchers said.

A similar design could also be used to log in or gain access to a secure website, said Michael Brooks, a UW doctoral student in human centered design and engineering and one of the study's researchers.

The UW team concluded speed, accuracy and choice of error messages were all important for the success of an eye-tracking system, and that one of the reasons face- and eye-recognition systems haven't taken off is because the user's experience often isn't factored into the design.

"If you develop the technology and user interface in parallel, you can make sure the technology fits the users rather than the other way around," Aragon said.

"It's very important to have feedback from all stakeholders in the process while you're designing a biometric identification system."

The team said they plan on developing similar eye-tracking authentication for other systems that use basic cameras, such as desktop computers.

Aragon and her team presented their study last month at the International Association for Pattern Recognition's International Conference on Biometrics.