Title Išmaniųjų telefonų autentifikacijos panaudojamumo ir saugumo derinimas iš naudotojo potyrių perspektyvos /
Translation of Title Balancing usability and security of authentication in smartphones from user experience perspective.
Authors Kaminskas, Paulius
Pages 42
Abstract [eng] There is a very sensitive relation between the usability and security of authentication methods. Both usability and security are important to each other. Prioritising one over the other inevitably causes neglect of the other one. If security is neglected because of usability, then the whole point of authentication is missed, because it does not provide the required security for the user. If security is prioritised over usability, then the method risks being too difficult or complex to use, thus discouraging users from using it, or making users take various shortcuts to make it easier for themselves. These shortcuts often compromise security, so to guarantee security, methods must also have high usability. The goals of this work are to identify requirements for good smartphone authentication methods and then to use those requirements to create an authentication method that balances usability and security. There are no good systems to evaluate the usability and security of smartphone authentication methods. For this reason, in this work, requirements were created based on a web authentication evaluation system. They were adapted for issues unique to smartphones, and so 19 criteria for authentication methods were raised: 8 for usability and 11 for security. Using these criteria, 6 authentication methods were evaluated. The results were put in a table and the methods were compared with each other. It was discovered that authentication methods tend to prioritise either usability or security, thus compromising the unprioritised requirements. In the second chapter of this work, an authentication method was created. It was based on a previous work that used graphical password authentication. The second iteration of the authentication method had some changes made to it to improve security and usability. During the creation of the second iteration of the authentication method, it was discovered that usability is a very multidisciplinary requirement.
It is impacted by human psychology, anatomy and other things that are normally not often talked about in IT studies. To improve usability, developers must look into the studies of other scientific fields, because there is a lot of important information hidden there. In the third chapter, the studies done on the second iteration of the authentication method are described. There were two studies to see how resistant the graphical password is to being stolen by watching authentication and by recording it. It was discovered that it is very difficult to capture a user's password even when authentication is being recorded. To test usability, authentication time was tracked first, which was relatively fast when compared to other methods. The number of errors was also counted to make sure that the method is not too difficult to consistently do correctly. There was not a high number of errors during authentication. A survey of the users was also done, and its results are discussed in the third chapter. Users generally enjoyed the method, although they did have some complaints about the images that were chosen for them to use in authentication. Finally, the second iteration of the authentication method is evaluated using the same criteria as all the other analysed methods, and it is revealed that the second iteration does not compromise on any of the most important requirements and strikes a balance between usability and security.
Dissertation Institution Vilniaus universitetas.
Type Master thesis
Language Lithuanian
Publication date 2021