#193 Towards Usable and Secure Location-based Smartphone Authentication

The concept of using location information to implicitly unlock smartphones is widely commercialized on Android phones: once a user registers a location that she is willing to trust, her phone would unlock automatically when the user physically moves to that trusted location. To date, however, there is no prior work that studies the requirements for designing such location-based authentication services to meet users' usability and security expectations. To bridge this gap, we conducted an interview study with 18 participants to study users' perceptions of location-based smartphone authentication and identified key design requirements, such as the need to support fine-grained indoor location registration. We then conducted a field study with 29 participants to study real-world usage behaviors with a fully working application that we implemented. Our findings suggest that people often register non-private (potentially unsafe) locations as trusted locations, and select large (phone unlock) coverage areas without considering security implications. As for usability benefits, however, the participants were able to reduce about 37% of manual unlock attempts on average by using our location-based implicit authentication service.