Biometrics: The user perspective
Dr Lynne Coventry
User Research
NCR Financial Solutions
Prof. Angela Sasse
UCL, Human Computer Interaction
Slide 2
ATM Accessibility: Some Background
- Country specific guidelines apply
- Coverage includes
- Location of devices
- Issues specific to each device
- PIN pad - key size, legend size, colour and contrast, tactile markers, key order
- Need for audio and tactile interaction
- Time out
Slide 3
Current Issues
- ATM access secured by PIN
- PINs are forgotten, confused, compromised
- Consumer awareness of shoulder surfing
- Conflict between security and accessibility requirements
- Key sizes
- Shielding keyboard
- Screen and font sizes
- Secure PINs/passwords
Slide 4
PIN Evaluations
- Detica carried out a survey of approx 1000 people
- 23% of people reported having 6 or more cards/devices that required a PIN number
- 50% of people said they could not remember more than 3
- 16% of people said they used the same code for everything
- 31% said they used the same code for some things.
- My study of 15000 ATM transactions found that 1% of these failed. 50% of failures were because of a forgotten PIN.
Slide 5
Renewed interest in Biometrics
- Use of biometrics in consumer products
- Mobile phones and laptops
- Increased awareness of shoulder surfing
- User PIN behaviour is not optimally secure
Slide 6
Biometric Performance Statistics
- Quoted statistics are based on high quality images
- Usually evaluated against a database of such images or gathered from a small subset of the user population
- Often do not quote the failure to enrol rate and the failure to acquire an image rate
- My usability studies have shown that the general population are not always able to provide such high quality images
Slide 7
Usability of Fingerprint studies
- Study 1: Can people intuitively use a fingerprint device?
- Study 2: What training and information do people require to be able to use the fingerprint device appropriately?
- Study 3: Does our improved training and leadthrough work with the general public?
Slide 8
Study 1: Can people intuitively use a fingerprint device?
- No!
- Although no failure to enrol with internal staff
- Poor and inconsistent placement of fingers on device
- Pointing down, or placing just fingertip on the platen
- 10% False Reject rate
Slide 9
Study 2: What training and information do people require to be able to use the fingerprint device appropriately?
- What they are trying to do
- Understand the concept of fingerprint core and where it is located on the finger
- How to make it happen with a particular device
- Need for feedback from the application on accuracy of finger placement
Slide 10
Study 3: Does improved training and leadthrough work?
Yes! But …need for "supervised playtime"
- 168 participants recruited in Edinburgh
- From wide age range, explained core and use of device
- Enrolment problems with older users
- Problems getting good quality images
- Image quality and inconsistent placement
- Females over 60
- False reject rate reduced to 4%
- Had solved the placement issues
- But new image quality issue found
Slide 11
Image quality example
- Clear, high contrast, well defined features
- Blacked out images
- Low contrast images
Slide 12
Study 4: Is fingerswipe as usable as fingerprint devices
- No!
- 82 participants from Edinburgh
- 7% failed to enrol
- 7% false reject rate after 3 attempts
- Potentially more accessibility problems
Slide 13
Biometric usability conclusions
- Real performance is not equal to predicted performance
- Quality of individual biometric features
- Ability to present the biometric feature
- Usability of individual applications and devices
- Need user education
- What am i trying to do and why is it important
- Need training on particular device before enrolment
- Supervised "playtime" until can consistently place the core centrally
- How do I do it with this device
- Need longer time outs for older users
- Need to improve feedback on image quality
Slide 14
Biometric accessibility approaches
- Accessibility guidelines currently suggest either
- Provide a non biometric alterative
- Potential security risk
- Provide an alternative biometric
- Complexity and cost of multiple authentication methods
- Provide a non biometric alterative
- This does not address the inherent accessibility issues in each biometric device, assuming that someone possesses the biometric feature
Slide 15
Biometric Accessibility
- Each device will have different accessibility issues
- Does the location of device allow access for wheelchair users and those with limited reach
- Does the device help the user place the biometric feature relative to device
- Is the user required to alter the position of the device?
- Is the user required to move the biometric feature over the device?
- Can the user perform the required placement behaviours?
- Place hand/finger flat, cover/close eye, face straight on
- Is the user required to keep the biometric feature still during image acquisition
- Does the application/device provide non-visual feedback to locate and operate the device
- How does the biometric approach deal with the aging process?
Slide 16
Often poorly located devices
- Too high- too low
Slide 17
How far away
- Guides required for contactless devices
Slide 18
Need to combine usability + accessibility
- Usability and accessibility are not the same
- Level 1: Not physically possible to use the device
- Level 2: Physically possible but difficult to use
- Level 3: Physically possible and easy to use
Slide 19
Conclusions
- Usability research has shown that without proper attention to usability and accessibility issues biometric approaches may have problems achieving the expected performance levels
- Usability of security mechanisms is a growing area of research
- More Usability/accessibility evaluations of biometrics are still required
- It is a balancing act:
- Security - usability - accessibility
- Risk assessment
- Work needed to improve feedback on image quality and user behaviour required to improve it
| Previous | Contents | Next |