Smart homes are intended to make life easier, but logging into individual devices is often still an onerous task. Researchers from ETH Zurich have investigated how everyday routines could be used for secure and user-friendly authentication—with no need for cumbersome passwords.
A vision of the future: Imagine you finish a long day of work and get back to your smart home, where you live with your family. In the hallway, you are automatically logged into the sound system based on the temperature of your feet and the place where you typically put your keys on the shelf. Your favorite music starts to play quietly in the background.
In the kitchen, you go to get a cold drink from the fridge and the appliance recognizes you from the way you squeeze the fridge handle, allowing you to open it without impediment. For your 4-year-old child, on the other hand, the fridge would have remained closed.
Smart homes use information that they obtain via sensors, for example, to offer maximum convenience, efficiency and assistance to their inhabitants. Homes such as these are already a widespread phenomenon, though they are not yet as common in German-speaking countries.
“At present, authentication is an additional hurdle and challenge for smart home users to overcome,” says Verena Zimmermann, psychologist and Professor for Security, Privacy and Society at ETH Zurich.
Logging into smart devices often requires users to enter a long password via a remote control or a small display, e.g., on a smartphone. This frequently leads to typos and is not user-friendly. “In particular, it can be difficult for older people, children and people with physical disabilities.” Together with researchers from Germany, Zimmermann looks at how the authentication of users in smart homes could be reimagined.
Logging in with the fridge handle
In a recently published study in ACM Transactions on Computer-Human Interaction, the researchers describe how they worked with various groups of users to investigate how everyday and existing objects in the home could be used for logging in.
To this end, they set up two “living labs”—a smart kitchen and a smart living room—and then asked the study participants to think about how they would interact with the objects in order to log in.
“One approach centered around the fridge handle,” says Zimmermann. “Ideas included squeezing the handle in a certain way, measuring the thumb temperature, moving the handle in a specific way, or pressing a specific sequence of buttons like on a piano. The participants had free rein.”
Ideas for how to log into a smart refrigerator without a password. © Zimmermann, TOCHI 2024
Security integrated discreetly into everyday life
The researchers then thought about which overriding patterns emerged from the many login variants developed. Of course, not all of these were immediately practicable or secure. “We wanted to see which overriding aspects were actually feasible,” says Zimmermann.
“Something that was fascinating to see was that many of the developed interactions weren’t recognizable to outsiders as an authentication interaction, whereas inputting a password is immediately recognized as such.” This could be useful so that children don’t know how to turn on the cooker, for example.
Another of the study’s findings is that the new login methods can generally be integrated into everyday routines so that they no longer represent an additional step. This allows people to move around their smart homes more efficiently and conveniently, creating added value with respect to existing login procedures such as passwords, which almost always imply some additional effort.
“Some study participants said that linking a task with authentication could even motivate people to do something they don’t otherwise do or don’t like doing, such as cleaning a surface,” says Zimmermann with a wink.
Routine tasks are best suited
Lastly, the researchers conducted an online study and asked almost 200 people about the role of motivation and habit in authentication in the smart home. The study listed the previously collected tasks, routines and action sequences, and participants evaluated which of these tasks they found more or less suitable as login processes—and for what reasons.
“Overall, it transpired that the overwhelming majority found the most suitable task to be a routine one that they saw as unique,” says Zimmermann. This included cleaning, housework in general, doing laundry, or switching devices on and off in a specific way.
However, it was also clear that there was no single login procedure that was to everyone’s taste. Instead, it might be possible to form clusters for specific user groups that could be customized to a certain extent.
Zimmermann is keen to emphasize that the starting point for her research is always the person. The principal aim of the present study was to look at which login procedure best suits the needs of people in the context of the smart home.
“We wanted to start with a clean slate and, particularly in the first step, to genuinely gather all ideas and think freely,” says Zimmermann. Only then did they consider aspects such as security, privacy and technical feasibility.
More information:
Verena Zimmermann et al, Authenticate As You Go: From Exploring Smart Home Authentication with Daily Objects to Authenticating with Primary Tasks, ACM Transactions on Computer-Human Interaction (2024). DOI: 10.1145/3702318
Citation:
Everyday routines as the key to logging in to smart homes (2024, November 13)
