Client:
Personal Project
Duration:
12 days (9.2020)
UX Concept - 5 days
Designing - 2 days
User Research - 1 day
Prototyping - 3 days
User Testing - 1 day
Type:
iOS (Smart Device) Solution
Team:
Zachary Leow
My Contributions:
Concept Design
UX Design
Interaction Design
T H E P R O J E C T
Investigate methods for giving users additional layers to protect their smart devices when using biometric data for unlocking or registering an action. Consider providing individuals a variety of security measures that suit their needs or preferences based on a set of pre-determined settings.
Target User: Smart Device Users
Challenges
How to prevent attack vectors from a future geared toward biometric data for security access on smart devices?
Solutions
Prioritize additional security functions that are for biometric data usage.
How would users prevent attacks or deter violation of their biometric data?
Formulate precautionary and preventative measures to combat potential threats instead of waiting for situations to occur, similar 2FA but better.
How would someone need to feel protected if they were put in a situation that was unfamiliar?
Implement adjustable security settings that are simple to access and interchangeable by allowing layers of customizable security.
T H E P R O B L E M
What Isn't Clear as Day
Analyzing Research on Biometric Data Use
Everyone is familiar to some degree with unlocking your phone, as it is a commonplace staple in newer smartphones. However, what do people actually think about using biometrics? And do these implications mean that biometrics are fool-proof?
Based on a study by VISA regarding biometrics taking over passwords, the findings revealed that 1,000 Americans that were surveyed revealed some interesting things.
Spoiler: People Use Biometrics
Digging Into the Indicators and Possibilities
86 percent of consumers are interested in using biometrics to verify their identity or to make payments
70 percent of consumers believe that biometrics are easier and 46% think they are more secure than using passwords or PINs
These indicators show that there is great interest and trust in using biometrics to provide security for everyday tasks. However, does that mean it is safe for everyone and every situation?
Will someone like our proto-persona, Gracie, be free from privacy breaches moving into biometric verification?
There will always be bad actors to exploit these systems and thinking of the possibilities of how will potentially prevent personal tragedies is appealing to me.
A Future Filled with Biometric Data
Observing Technology Improving Rapidly
Look at any recently released smartphone and it is clear that biometric data is their preferred choice of security. Face scanners with depth sensors are on most newer phones, fingerprint readers are still around, and most apps are connected to these features.
Right now, 3-D scanning and printing of people's faces Mission Impossible-style isn't a commonplace thing but the technology certainly exists. 3D printing and photogrammetry technology certainly exists right now, making it feasible for anyone with the resources to do so.
R E A S O N I N G
Insight #1
Password in Plain Sight
Biometric data is easy to use but that makes it easy for others to access too. Your "password" is available for anyone to view in your face or fingers compared to a passcode stored in your head.
With threat or deception to unlock your smartphone using biometrics, you would be unable to disguise or hide your "password". Your data could be breached if underhanded tactics were used.
Result: Require smart phone unlocking to be accompanied with knowledge of a certain action or process to "mask" your biometric data.
Insight #2
Plan Ahead, Why Not?
If biometrics are going to be continually used, then it means that the possibility that you might be forced into unlocking your phone against your own will exists.
Result: Include preventative safeguards that you can select and perform a large array of actions. Functioning less like the emergency SOS feature in most phones but more of a silent distress signal.
Insight #3
Layered and Personalized
With most personal choices, you can make decisions to fit your lifestyle. If your house doesn't feel safe, you can buy locks and security till you do. Can't the same be applied to your device security in different ways?
Result: Consider layered security in being able to add as many safeguards or protective barriers are you want. Select a Security Profile that has varied layers of security depending on the situation.
Improve Security for Smart Devices
Using iOS Prototype to Show the Functionality
The applications presented can technically be applied to any smartphone with the correct hardware and sensors, but I'm using Apple iPhones as my basis and assuming that they have a fingerprint reading in future iPhones.
If you are unfamiliar with the current iOS Security Settings, you can quickly test it in a prototype I made here --->
S O L U T I O N S
Knowledge + Biometric Data
Masking Your Visible Password
TouchGuard may sound like it's some fancy concept but it's quite simple and can be implemented easily. It minimizes the abuse and exploitation of the simplicity of biometric data by requiring you to place your finger on a designated area for Face ID to function.
Without removing the leisure of FaceID as an unlocking method, it adds a layer of security of incorporating personal knowledge. This type of layered security would not have to stop with finger placement and can and should be implemented with multiple different possibilities.
Customize Preventative Measures
Using Security Cues and Safety Functions
By implementing Security Cues, you can now program a variety of triggers to perform certain actions. These cues can activate a Safety Function - such as deleting phone data or locking money usage without alarming parties.
Now a unique passcode can alert your loved ones of your location or starting a rear camera recording or both if you deem it necessary.
Play it Safe or Dangerous
Factoring Danger into the Process
In addition to have a "safe" area combining biometric and knowledge to unlock your phone, the TouchGuard system also allows you to register an area of your phone which would be considered a "threat".
This combination of finger placement and Face ID would signal your phone to take action(s) that you have pre-set. Actions such as locking money usage, messaging a friend, or broadcasting your location to selected parties are all possibilities.
Different Locales Different Profiles
Selecting Your Safety By Circumstance
With Security Profiles, you can switch in between different security settings that you have previously set. Each profile can chosen for different situations with security settings to match your comfort level or requirements.
For example, your daily routine profile can have a profile with very low safeguards or preventative measures. However, with unknown conditions such as traveling or a special event, you can quickly switch to one that suits your needs.
T E S T I N G
Give a Blanket of Security
Experimenting with the Prototype
Testing the complete prototype with 3 users and running through the implementations yielded lots of positive feedback. All user testing was done remotely due to CO-VID19. No script was used as this was a personal project.
Usability Test Tasks Given:
- Set Up TouchGuard and talk through the process
- Turn On "Threat Area" for TouchGuard
- Set up Security Cues with preferences if traveling in another country
A High-Fidelity Prototype was used in Adobe XD for testing
Give a Blanket of Security
Experimenting with the Prototype
Security Profile Switching
Testing the complete prototype with 3 users and running through the implementations yielded lots of positive feedback. All user testing was done remotely due to CO-VID19. No script was used as this was a personal project.
Usability Test Tasks Given:
- Set Up TouchGuard and talk through the process
- Turn On "Threat Area" for TouchGuard
- Set up Security Cues with preferences if traveling in another country
*A High-Fidelity Prototype was used in Adobe XD for testing
Security Cue & Safety Functions
TouchGuard Onboaring
Making Sense Of Things
Resulting Change from Feedback
A female user response highly praised that they would definitely use the TouchGuard feature to activate a video recording if they felt threatened or didn't have someone around them. All users noted that they would love to have these features just in case of an emergency. Most concerns were with the actual process of setting up these features.
All participants were curious about how the security profile features would be explained and if they would be understood. There would most likely have to be an onboarding process to guide users through the actions, much like setting up FaceID.
Other recommendations were also brought up, such as switching between profiles could be made simpler if there was a quick way to swap in the control panel as seen to the right.
R E F L E C T I O N S
If I Had More Time and Drive
Expanding on a Personal Project
There's a time and a place for personal projects and I've found that to execute on ideas thoroughly, they're never a quick encounter. I do think that this concept has lots of potential but it's not something that can be done easily and has to rely on lots of hardware factors that are out of my control.
If there were more time and resources available to me, I would gladly go further and flesh out the details of how security profiles might work. Finding out additional research and use cases on when people might not want their phone to be accessed, with or without their permission. As technology develops, so does the need of cybersecurity and how we traverse that landscape.
Final Words
Having Fun Breaking Down the Future
I really do think that if we are going to start using biometric data as the norm for personal phone security, then we should also start thinking of attack vectors and how they can be countered.
I don't think that any of the solutions I've presented are groundbreaking or the ultimate protection but they are a step in the right direction of giving users a way to give themselves additional security through not overly elaborate means.
Finding solutions like these gives me excitement in what can be possible in giving users peace of mind.
S P E C I A L T H A N K S
Photo Credits
Image by Gerd Altmann from Pixabay
Photo by Amanda Dalbjörn on Unsplash
Face Wireframe from Mockup.photos
Finger Gestures by Kiranshastry