It has been estimated that the number of mobile users will pass the number of desktop internet users by 2014. The touch phone has become a central part of the ecology of devices and can no longer be overlooked, and the login process is also an important part of this ecology and a precondition to be able to connect to services within the ecology.
The primary objective of this thesis have been to contribute with research about authentication on touch phones, by addressing the challenges to current authentication mechanisms, users mental model of security, eye tracking of authentication mechanisms and accessibility. Throughout the thesis several methods have been applied to get to know users behavior and the their relation to security and authentication mechanisms on touch phones.
It was made a review of several authentication mechanisms, using different types of interaction. The review were based on findings from the interviews showing that the users thinks it is important that these mechanisms are easy to remember and efficient to use. In addition to concepts of direct manipulation, context and recommendations’ from W3C. I argue that there all mechanisms have disadvantages, and that context is one of the factors that makes it hard to create usable and secure methods.
The second research question are discussing users mental model of security, and I argue that the technology have been moving faster then the users are able to adapt in terms of security. The research shows that people are not too concerned about security on touch phones. The need for securing the phone is increasing as the content on the phone increases, but the users are not adapting to this, and jeopardize the security for easy and fast access.
Eye tracking were applied to the research to investigate how users interact and look at different authentication mechanisms on touch phones. I argue that there are practical issues and with conducting eye tracking of authentication methods. All authentication IDs are different and comparing them or creating heat maps would therefor not be appropriate. But it is a good method that generates a lot of data that can be used to use to uncover general usability issues.
The final research question is discussing how to approach accessible design of authentication mechanisms, by looking into the concept of universal design and adaptive information systems. I argue that only multimodal user interfaces would be appropriate to add to an authentication process.
The research lead to a lot of findings that about peoples understanding of security and use of touch phones, which can be used in future studies about authentication on touch phones.
Keywords: Touch phones, Authentication, Mental Model, Security, Eye tracking, Accessibility