Usable Security : A seamless user authentication method using NFC and Bluetooth

Abstract: Currently, the majority of user authentication procedures for computers, web services or software involve typing user names and passwords. Passwords which should have a reasonable complexity to be considered secure. The securest password, however, does not guard a user's data if she does not log out when leaving the computer. The research question posed in this thesis is "How should a user authentication method be designed to automate login/logout and to mitigate negative effects of lacking security awareness?". Based on this question, the goal of this work is to develop a new solution for user authentication with NFC and Bluetooth, that takes care of logging in and out of computers and services without the user having to lose a thought about it. This is done by first looking at currently existing alternatives to password authentication. Secondly, the qualities and requirements of a new user authentication concept are devised and described. Thirdly, a testable prototype called NFCLogin, implementing the key aspects of logging in and logging out of Google chrome as well as saving and reopening of the user's opened tabs is implemented. Finally, an observational assessment test is conducted. The aim of the study is to get a hint about whether the system could be useful, if users are inclined to trust it and in which way it could be improved. The main outcome of this thesis is the definition of a user authentication method coupled with suggestions for improvement gathered from a usability study, conducted with the method's prototype, NFCLogin. An important take away from the study is that participants seem to appreciate the prototype and are likely willing to use the proposed method, if it is sufficiently secure.