12 days (9.2020)
UX Concept - 5 days
Designing - 2 days
User Research - 1 day
Prototyping - 3 days
User Testing - 1 day
iOS (Smart Device) Solution
T H E P R O J E C T
Investigate methods for giving users additional layers to protect their smart devices when using biometric data for unlocking or registering an action. Consider providing individuals a variety of security measures that suit their needs or preferences based on a set of pre-determined settings.
Target User: Smart Device Users
How to prevent attack vectors from a future geared toward biometric data for security access on smart devices?
Prioritize additional security functions that are for biometric data usage.
How would users prevent attacks or deter violation of their biometric data?
Formulate precautionary and preventative measures to combat potential threats instead of waiting for situations to occur, similar 2FA but better.
How would someone need to feel protected if they were put in a situation that was unfamiliar?
Implement adjustable security settings that are simple to access and interchangeable by allowing layers of customizable security.
E M P A T H I Z E
The Problem that Isn't Clear as Day
Analyzing Research on Biometric Data Use
Everyone is familiar to some degree on unlocking your phone, as it is a commonplace staple in newer smartphones. However, what do people actually think about using biometrics? And do these implications mean that biometrics are fool-proof?
Based on a study by VISA regarding biometrics taking over passwords, the findings revealed that among the 1,000 Americans that were surveyed revealed some interesting things.
Spoiler: Results Leans Positive
Digging Into the Indicators and Possibilities
More than 65 percent of consumers are already familiar with biometrics
86 percent of consumers are interested in using biometrics to verify identity or to make payments
70 percent of consumers believe that biometrics are easier and 46% think they are more secure than using passwords or PINs
These indicators show that there is great interest and trust with using biometrics to provide security for everyday tasks. However, does that mean it is safe for everyone and every situation?
Will someone like our proto-persona, Gracie, be free from privacy breaches moving into biometric verification?
There will always be bad actors to exploit these systems and thinking of the possibilities of how will potentially prevent personal tragedies.
A Future Filled with Biometric Data
Observing Technology Improving Rapidly
Look at any recently released smartphone and it is clear that biometric data is their preferred choice of security. Face scanners with depth sensors are on most newer phones, fingerprint readers are still around, and most apps are connected to these features.
Right now, 3-D scanning and printing of people's faces Mission Impossible style isn't a commonplace thing but the technology certain exists. 3D printing and photogrammetry technology certainly exists right now, making it feasible for anyone with the resources to do so.
D E F I N E
Password in Plain Sight
Biometric data is easy to use but that makes it easy for others to access too. Your "password" is available for anyone to view in your face or fingers compared to a passcode stored in your head.
With threat or deception to unlock your smartphone using biometrics, you would be unable to disguise or hide your "password". Your data could be breached if underhanded tactics were used.
Result: Require smart phone unlocking to be accompanied with knowledge of a certain action or process to "mask" your biometric data.
Plan Ahead, Why Not?
If biometrics are going to be continually used, then it means that the possibility that you might be forced into unlocking your phone against your own will exists.
Result: Include preventative safeguards that you can select and perform a large array of actions. Functioning less like the emergency SOS feature in most phones but more of a silent distress signal.
Layered and Personalized
With most personal choices, you can make decisions to fit your lifestyle. If your house doesn't feel safe, you can buy locks and security till you do. Can't the same be applied to your device security in different ways?
Result: Consider layered security in being able to add as many safeguards or protective barriers are you want. Select a Security Profile that has varied layers of security depending on the situation.
I D E A T E
Improve Security for Smart Devices
Using iOS to Show the Possibilities
The following brainstormed ideas are meant to find potential areas of improvement for security on all smartphones or devices. The applications presented can technically be applied to any smartphone with the correct hardware and sensors.
I chose to use an Apple's iPhone to present solutions not because it is crucially flawed but because their interface is familiar to many. I also made these prototypes based on the assumption that Apple will implement a phone with all current available features and that they adopt a fingerprint reader.
If you are unfamiliar with the current iOS Security Settings, you can quickly test it in a prototype I made by clicking the button below:
P R O T O T Y P E
Knowledge + Biometric Data
Masking Your Visible Password
TouchGuard may sound like it's some fancy concept but it's quite simple and can be implemented easily. It minimizes the abuse and exploitation of the simplicity of biometric data by requiring you to place your finger on a designated area for Face ID to function.
Without removing the leisure of FaceID as an unlocking method, it adds a layer of security of incorporating personal knowledge. This type of layered security would not have to stop with finger placement and can and should be implemented with multiple different possibilities.
Customize Preventative Measures
Using Security Cues and Safety Functions
By implementing Security Cues, you can now program a variety of triggers to perform certain actions. These cues can activate a Safety Function - such as deleting phone data or locking money usage without alarming parties.
Now a unique passcode can alert your loved ones of your location or starting a rear camera recording or both if you deem it necessary.
Play it Safe or Dangerous
Factoring Danger into the Process
In addition to have a "safe" area combining biometric and knowledge to unlock your phone, the TouchGuard system also allows you to register an area of your phone which would be considered a "threat".
This combination of finger placement and Face ID would signal your phone to take action(s) that you have pre-set. Actions such as locking money usage, messaging a friend, or broadcasting your location to selected parties are all possibilities.
Different Locales Different Profiles
Selecting Your Safety By Circumstance
With Security Profiles, you can switch in between different security settings that you have previously set. Each profile can chosen for different situations with security settings to match your comfort level or requirements.
For example, your daily routine profile can have a profile with very low safeguards or preventative measures. However, with unknown conditions such as traveling or a special event, you can quickly switch to one that suits your needs.
T E S T
Give a Blanket of Security
Experimenting with the Prototype
Testing the complete prototype with 3 users and running through the implementations yielded lots of positive feedback. All user testing was done remotely due to CO-VID19. No script was used as this was a personal project.
Usability Test Tasks Given:
- Set Up TouchGuard and talk through the process
- Turn On "Threat Area" for TouchGuard
- Set up Security Cues with preferences if traveling in another country
A High-Fidelity Prototype was used in Adobe XD for testing
Run Prototype, Run
Collecting Feedback from Testing
A female user response highly praised that they would definitely use the TouchGuard feature to activate a video recording if they felt threatened or didn't have someone around them. All users noted that they would love to have these features just incase of an emergency. Most concerns were with the actual process of setting up these features.
All participants were curious in how the security profile features would be explained and if they would be understood. There would most likely have to be an onboarding process to guide users through the actions, much like setting up FaceID.
Other recommendations were also brought up, such as switching in between profiles could be made simpler if there was a quick way to swap in the control panel as seen to the right.
To test their same scenarios, links are below:
R E F L E C T I O N S
If I Had More Time and Drive
Expanding on a Personal Project
I like my concept but poop/dang there is not real good way to guide and assist users through the process - I would absolutely add
Having Fun Breaking Down the Future
I really do think that if we are going to start using biometric data as the norm for personal phone security, then we should also start thinking of attack vectors and how they can be countered.
I don't think that any of the solutions I've presented are groundbreaking or the ultimate protection but they are a step in the right direction of giving users a way to give themselves additional security through not overly elaborate means.
Finding solutions like these gives me excitement in what can be possible in giving users peace of mind.
S P E C I A L T H A N K S