Abstract
Personal computers (PCs) provide access to a noteworthy amount of sensitive data and applications, making it essential to protect them from unauthorized access. PCs
predominantly rely on passwords for user authentication, which are known to suffer from
high cognitive load on users and poor scalability across accounts. These drawbacks often
cause users to reuse passwords or choose weak passwords, practices that consequently
decrease security.
Many users carry personal mobile devices like smartphones or smartwatches on them
throughout the day. These devices offer an opportunity to enhance user-to-PC authentication by incorporating them into the authentication process. Modern smartphones are
often equipped with advanced security features, including secure hardware modules for
cryptographic keys and biometric sensors, making them well-suited to serve as secure
tokens for authentication.
In this thesis, we present a token-based, passwordless approach where users authenticate to their PC by confirming the authentication request on their smartphones or
smartwatches. Upon a request to log in to the PC, or to elevate privileges, the PC issues
an authentication request that users receive on their mobile devices, where they can
confirm the request. We evaluate various confirmation mechanisms such as button tap,
biometric verification via a fingerprint sensor, and a novel approach that allows users to
authenticate by performing a gesture with their wrist. We compare these mechanisms
with traditional password-based authentication in a user study involving 38 participants
and a total of 1,440 recorded authentication attempts.
Button tap and biometric verification on smartwatches outperformed password-based, wrist rotation, and smartphone-based variants in terms of authentication duration, while showing comparable success rates. Participants rated smartwatch-based
authentication highest in usability, followed by password-based and smartphone-based
authentication. However, there were some reservations about using the approach in everyday life, especially among less technically versed participants, indicating the need for
further research to achieve broad user acceptance.
| Date of Award | 2025 |
|---|---|
| Original language | English |
| Supervisor | Rainhard Dieter Findling (Supervisor) |
Study program
- Mobile Computing