Evaluating authentication options for mobile health applications in younger and older adults

Objective Apps promoting patient self-management may improve health outcomes. However, methods to secure stored information on mobile devices may adversely affect usability. We tested the reliability and usability of common user authentication techniques in younger and older adults. Methodology Usability testing was conducted in two age groups, 18 to 30 years and 50 years and older. After completing a demographic questionnaire, each participant tested four authentication options in random order: four-digit personal identification number (PIN), graphical password (GRAPHICAL), Android pattern-lock (PATTERN), and a swipe-style Android fingerprint scanner (FINGERPRINT). Participants rated each option using the Systems Usability Scale (SUS). Results A total of 59 older and 43 younger participants completed the study. Overall, PATTERN was the fastest option (3.44s), and PIN had the fewest errors per attempt (0.02). Participants were able to login using PIN, PATTERN, and GRAPHICAL at least 98% of the time. FINGERPRINT was the slowest (26.97s), had an average of 1.46 errors per attempt, and had a successful login rate of 85%. Overall, PIN and PATTERN had higher SUS scores than FINGERPRINT and GRAPHICAL. Compared to younger participants, older participants were also less likely to find PATTERN to be tiring, annoying or time consuming and less likely to consider PIN to be time consuming. Younger participants were more likely to rate GRAPHICAL as annoying, time consuming and tiring than older participants. Conclusions On mobile devices, PIN and pattern-lock outperformed graphical passwords and swipe-style fingerprints. All participants took longer to authenticate using the swipe-style fingerprint compared to other options. Older participants also took two to three seconds longer to authenticate using the PIN, pattern and graphical passwords though this did not appear to affect perceived usability.

[1]  Josip Car,et al.  Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment , 2015, BMC Medicine.

[2]  Glenn B. Canner,et al.  Board of Governors of the Federal Reserve System International Finance Discussion Papers Number 838 August 2005 General-to-speci fi c Modeling : An Overview and Selected Bibliography , 2001 .

[3]  S. Lee,et al.  Short Assessment of Health Literacy-Spanish and English: a comparable test of health literacy for Spanish and English speakers. , 2010, Health services research.

[4]  David A. Wagner,et al.  Are You Ready to Lock? , 2014, CCS.

[5]  Kim-Phuong L. Vu,et al.  The Influence of Password Restrictions and Mnemonics on the Memory for Passwords of Older Adults , 2013, HCI.

[6]  L. Brainard The Opportunities and Challenges of Fintech: a speech at the Conference on Financial Innovation at the Board of Governors of the Federal Reserve System, Washington, D.C., December 2, 2016 , 2016 .

[7]  Karen Renaud,et al.  Now what was that password again? A more flexible way of identifying and authenticating our seniors , 2007, Behav. Inf. Technol..

[8]  J. Tafforeau,et al.  Factors associated with excessive polypharmacy in older people , 2015, Archives of Public Health.

[9]  Alexander De Luca,et al.  Patterns in the wild: a field study of the usability of pattern and pin-based authentication on mobile devices , 2013, MobileHCI '13.

[10]  Heinrich Hußmann,et al.  I Feel Like I'm Taking Selfies All Day!: Towards Understanding Biometric Authentication on Smartphones , 2015, CHI.

[11]  A. Hassan,et al.  What Do Mobile App Users Complain About ? A Study on Free iOS Apps , 2014 .

[12]  J. B. Brooke,et al.  SUS: A 'Quick and Dirty' Usability Scale , 1996 .

[13]  Narmeen Bawany,et al.  Common Biometric Authentication Techniques: Comparative Analysis, Usability and Possible Issues Evaluation , 2013 .

[14]  Siran Koroukian,et al.  Patient Characteristics Associated with Polypharmacy and Inappropriate Prescribing of Medications among Older Adults with Cancer. , 2012, Journal of geriatric oncology.

[15]  Begoña García Zapirain,et al.  Security Recommendations for mHealth Apps: Elaboration of a Developer’s Guide , 2016, Journal of Medical Systems.

[16]  Ahmed E. Hassan,et al.  What Do Mobile App Users Complain About? , 2015, IEEE Software.

[17]  V. Mok,et al.  Montreal Cognitive Assessment: One Cutoff Never Fits All , 2015, Stroke.

[18]  Ulrich Sax,et al.  Position Paper: Wireless Technology Infrastructures for Authentication of Patients: PKI that Rings , 2005, J. Am. Medical Informatics Assoc..

[19]  Jinjuan Feng,et al.  Investigating the Use of Gesture-Based Passwords by the Seniors , 2015, HCI.

[20]  Blase Ur,et al.  Biometric authentication on iPhone and Android: Usability, perceptions, and influences on adoption , 2015 .

[21]  Vaishali Patel,et al.  Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study , 2015, Journal of health communication.

[22]  José Luis Fernández Alemán,et al.  Security and privacy in electronic health records: A systematic literature review , 2013, J. Biomed. Informatics.

[23]  Jiankun Hu,et al.  A Fingerprint Orientation Model Based on 2D Fourier Expansion (FOMFE) and Its Application to Singular-Point Detection and Fingerprint Indexing , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[24]  Michael Weber,et al.  Password entry usability and shoulder surfing susceptibility on different smartphone platforms , 2012, MUM.

[25]  Lindsey E. Dayer,et al.  Smartphone medication adherence apps: potential benefits to patients and providers. , 2013, Journal of the American Pharmacists Association : JAPhA.

[26]  Sunny Consolvo,et al.  Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors , 2014 .