On the Acceptance of Privacy-Preserving Authentication Technology: The Curious Case of National Identity Cards

Many attempts have been made to replace the ubiquitous username-and-password authentication scheme in order to improve user security, privacy and usability. However, none of the proposed methods have gained wide-spread user acceptance. In this paper, we examine the users’ perceptions and concerns on using several alternative authentication methods on the Internet. We investigate the adoption of the new German national identity card, as it is the first eID-enabled card with dedicated features to enable privacy-preserving online authentication. Even though its large-scale roll-out was backed by a national government, adoption rates and acceptance are still low. We present results of three focus groups as well as interviews with service providers, showing that preserving privacy is just one of several factors relevant to the acceptance of novel authentication technologies by users as well as service providers.

[1]  Stephanie Rosenbaum,et al.  Focus groups in HCI: wealth of information or waste of resources? , 2002, CHI Extended Abstracts.

[2]  Claude Castelluccia,et al.  How Unique and Traceable Are Usernames? , 2011, PETS.

[3]  Yajiong Xue,et al.  Avoidance of Information Technology Threats: A Theoretical Perspective , 2009, MIS Q..

[4]  Richard A. Krueger,et al.  Focus groups : a practical guide for applied research / by Richard A. Krueger , 1989 .

[5]  Erik Wästlund,et al.  Evoking Comprehensive Mental Models of Anonymous Credentials , 2011, iNetSeC.

[6]  Marian Margraf The New German ID Card , 2010, ISSE.

[7]  Sriram Subramanian,et al.  Talking about tactile experiences , 2013, CHI.

[8]  Sven Türpe,et al.  Electronic Identity Cards for User Authentication—Promise and Practice , 2012, IEEE Security & Privacy.

[9]  June Abbas,et al.  Relationships and social rules: Teens' social network and other ICT selection practices , 2012, J. Assoc. Inf. Sci. Technol..

[10]  Ponnurangam Kumaraguru,et al.  Privacy Indexes: A Survey of Westin's Studies , 2005 .

[11]  Jason I. Hong,et al.  A diary study of password usage in daily life , 2011, CHI.

[12]  D. Morgan Focus groups as qualitative research / by Morgan, David L. , 1988 .

[13]  Cormac Herley,et al.  A large-scale study of web password habits , 2007, WWW '07.

[14]  Marco Brambilla,et al.  A revenue sharing mechanism for federated search and advertising , 2012, WWW.

[15]  Murni Mahmud,et al.  A study of the use of mobile phones by older persons , 2006, CHI Extended Abstracts.

[16]  Arkajit Dey,et al.  PseudoID: Enhancing Privacy in Federated Login , 2010 .

[17]  Markus Jakobsson Authentication — Are We Doing Well Enough ? , .

[18]  Helmut Reimer,et al.  ISSE 2010 - Securing Electronic Business Processes, Highlights of the Information Security Solutions Europe 2010 Conference, Berlin, Germany, October 5-7, 2010 , 2011, ISSE.

[19]  Markus Jakobsson,et al.  Authentication - Are We Doing Well Enough? [Guest Editors' Introduction] , 2012, S&P 2012.

[20]  Edward W. Felten,et al.  Password management strategies for online accounts , 2006, SOUPS '06.

[21]  Kirstie Hawkey,et al.  What makes users refuse web single sign-on?: an empirical investigation of OpenID , 2011, SOUPS.

[22]  Dogan Kesdogan,et al.  Open Problems in Network Security , 2015, Lecture Notes in Computer Science.

[23]  Martin Halvey,et al.  WWW '07: Proceedings of the 16th international conference on World Wide Web , 2007, WWW 2007.

[24]  Rui Chen,et al.  Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service , 2014, Inf. Syst. J..

[25]  Mervyn A. Jack,et al.  User perceptions of security, convenience and usability for ebanking authentication tokens , 2009, Comput. Secur..

[26]  Fred D. Davis,et al.  User Acceptance of Computer Technology: A Comparison of Two Theoretical Models , 1989 .

[27]  Rachna Dhamija,et al.  The Seven Flaws of Identity Management: Usability and Security Challenges , 2008, IEEE Security & Privacy.

[28]  Annie I. Antón,et al.  Towards understanding user perceptions of authentication technologies , 2007, WPES '07.

[29]  Joseph Bonneau,et al.  The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords , 2012, 2012 IEEE Symposium on Security and Privacy.

[30]  Janet Mancini Billson,et al.  Focus Groups: A Practical Guide for Applied Research , 1989 .

[31]  Frank Stajano,et al.  The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes , 2012, 2012 IEEE Symposium on Security and Privacy.

[32]  Michael Katanka,et al.  Promise and Practice , 2013 .

[33]  David Malone,et al.  Investigating the distribution of password choices , 2011, WWW.