Smart homes are intended to make life easier, but logging into individual devices is often still an onerous task. Researchers from ETH Zurich have investigated how everyday routines could be used for secure and user-friendly authentication - with no need for cumbersome passwords.
In brief
- ETH researchers have developed methods that use everyday actions as secure login processes in the smart home.
- These new methods for logging in are simpler and less obtrusive than the familiar process of logging in with a password.
- Particularly for older people and children, the new forms of authentication offer major advantages as they meet their needs more effectively.
A vision of the future: imagine you finish a long day of work and get back to your smart home, where you live with your family. In the hallway, you are automatically logged into the sound system based on the temperature of your feet and the place where you typically put your keys on the shelf. Your favourite music starts to play quietly in the background. In the kitchen, you go to get a cold drink from the fridge and the appliance recognises you from the way you squeeze the fridge handle, allowing you to open it without impediment. For your four-year-old child, on the other hand, the fridge would have remained closed.
Smart homes use information that they obtain via sensors, for example, to offer maximum convenience, efficiency and assistance to their inhabitants. Homes such as these are already a widespread phenomenon, though they are not yet as common in German-speaking countries. "At present, authentication is an additional hurdle and challenge for smart home users to overcome," says Verena Zimmermann, psychologist and Professor for Security, Privacy and Society at ETH Zurich.
Logging into smart devices often requires users to enter a long password via a remote control or a small display, e.g. on a smartphone. This frequently leads to typos and is not user-friendly. "In particular, it can be difficult for older people, children and people with physical disabilities." Together with researchers from Germany, Zimmermann looks at how the authentication of users in smart homes could be reimagined.
Logging in with the fridge handle
In a recently published external page study , the researchers describe how they worked with various groups of users to investigate how everyday and existing objects in the home could be used for logging in. To this end, they set up two "living labs" - a smart kitchen and a smart living room - and then asked the study participants to think about how they would interact with the objects in order to log in.
"One approach centred around the fridge handle," says Zimmermann. "Ideas included squeezing the handle in a certain way, measuring the thumb temperature, moving the handle in a specific way, or pressing a specific sequence of buttons like on a piano. The participants had free rein."
Security integrated discreetly into everyday life
The researchers then thought about which overriding patterns emerged from the many login variants developed. Of course, not all of these were immediately practicable or secure. "We wanted to see which overriding aspects were actually feasible," says Zimmermann. "Something that was fascinating to see was that many of the developed interactions weren't recognisable to outsiders as an authentication interaction, whereas inputting a password is immediately recognised as such." This could be useful so that children don't know how to turn on the cooker, for example.
Another of the study's findings is that the new login methods can generally be integrated into everyday routines so that they no longer represent an additional step. This allows people to move around their smart homes more efficiently and conveniently, creating added value with respect to existing login procedures such as passwords, which almost always imply some additional effort. "Some study participants said that linking a task with authentication could even motivate people to do something they don't otherwise do or don't like doing, such as cleaning a surface," says Zimmermann with a wink.
Routine tasks are best suited
Lastly, the researchers conducted an online study and asked almost 200 people about the role of motivation and habit in authentication in the smart home. The study listed the previously collected tasks, routines and action sequences, and participants evaluated which of these tasks they found more or less suitable as login processes - and for what reasons.
"Overall, it transpired that the overwhelming majority found the most suitable task to be a routine one that they saw as unique," says Zimmermann. This included cleaning, housework in general, doing laundry, or switching devices on and off in a specific way. However, it was also clear that there was no single login procedure that was to everyone's taste. Instead, it might be possible to form clusters for specific user groups that could be customised to a certain extent.
Zimmermann is keen to emphasise that the starting point for her research is always the person. The principal aim of the present study was to look at which login procedure best suits the needs of people in the context of the smart home. "We wanted to start with a clean slate and, particularly in the first step, to genuinely gather all ideas and think freely," says Zimmermann. Only then did they consider aspects such as security, privacy and technical feasibility.
A word with Verena Zimmermann
ETH News: A new form of authentication without entering a password - it sounds great, but what about privacy? Will people be observed around the clock by Big Brother in their smart homes?
Zimmermann: Privacy is certainly an issue and was also addressed in the studies. When it comes to new authentication methods, the question is always about implementation. Obviously, no one would like it if we had to put cameras all over the house and observe people around the clock. But there are other forms of authentication, such as sensor technologies or object-based interactions, that cannot be traced back to a specific individual and are therefore less invasive. In principle, the study participants took a very critical view when it came to potentially intimate tasks, whether in the bathroom or the bedroom.
Are we even technologically ready for new login processes yet or are they still a long way off?
We're on the right track. There are already many ideas in the literature about how different login processes could be implemented using sensor technologies. Sensors are undergoing constant further development. For example, a smart table has already been developed that knows where which objects are standing or how people are interacting with them. Likewise, smart sensors in the floor use foot temperature to identify whose foot it is. These may still be prototypes, but they already exist..
Reference
Zimmermann V, Schäfer S, Dürmuth M, Marky K: Authenticate As You Go: From Exploring Smart Home Authentication with Daily Objects to Authenticating with Primary Tasks. ACM Transactions on Computer-Human Interaction (TOCHI) 2024. doi: external page https://dl.acm.org/doi/10.1145/3702318