Internet Users’ Willingness to Disclose Biometric Data for Continuous Online Account Protection: An Empirical Investigation

Continuous authentication has emerged as a promising approach to increase user account security for online services. Unlike traditional authentication methods, continuous authentication provides ongoing security throughout the session, protecting against session takeover attacks due to illegitimate access. The effectiveness of continuous authentication systems relies on the continuous processing of users’ sensitive biometric data. To balance security and privacy trade-offs, it’s crucial to understand when users are willing to disclose biometric data for enhanced account security, addressing inevitable privacy concerns and user acceptance. To address this knowledge gap, we conducted an online study with 830 participants from the U.S., aiming to investigate user perceptions towards continuous authentication across different classes of online services. Our analysis identified four groups of biometric traits that directly reflect users’ willingness to disclose them. Our findings demonstrate that willingness to disclose is influenced by both the specific biometric traits and the type of online service involved. User perceptions are strongly shaped by factors such as response efficacy, perceived privacy risks associated with the biometric traits, and concerns about the service providers’ handling of such data. Our results emphasize the inadequacy of one-size-fits-all solutions and provide valuable insights for the design and implementation of continuous authentication systems.


INTRODUCTION
Today, apps and online services generally establish authenticated sessions using entry point authentication only, such as during initial setup or when logging into a service. Usually, no additional verification of user authenticity occurs during these sessions. This means that, in practice, access to an app or online service is often linked to access to the device on which the session secret is stored in the ambient authority. Explicit re-authentication often only occurs for special actions, like financial transactions in online banking or changing a password. The duration of an authenticated session can vary, lasting for days, months, or until the user explicitly logs out, depending on the application context. In practice, this can lead to multiple authenticated sessions being available on a single device. If an attacker gains access to such a device, they not only have access to locally stored data but also to data accessible through apps and online services with active sessions. As a result, the security of these apps and online services is heavily dependent on the security of the device itself. Weak or non-existent device authentication therefore poses a risk to a wide range of services. Particularly in the mobile domain, users often use weak PINs or patterns for authentication, which an attacker can easily obtain through shoulder surfing, for example [5]. In addition, other factors such as purchasing used devices that were not properly reset before sale can also lead to unauthorized access to authenticated sessions [4]. For certain groups, particularly those facing political persecution, there is the risk of authorities compelling them to grant access to their devices and thus to all apps and online services with active authenticated sessions. By relying solely on entry point authentication, operators of these apps and online services lack the means to detect and prevent such unauthorized access to the services they provide. Even advanced entry point authentication mechanisms like Risk-Based Authentication (RBA) [96] do not allow verifying user authenticity throughout an entire session.
To address this shortcoming, recent developments in authentication mechanisms suggest that apps and online services themselves should continuously elicit and process hard-to-spoof biometric features throughout the entire session to ensure that the actual legitimate user is using the app or online service [3]. This mechanism is referred to as Continuous Authentication (CAuthN) [49]. It extends entry point authentication systems with continuous session authentication, promising improvements to security without invading the systems' usability due to additional authentication steps required by the users. In principle, CAuthN continuously assesses the risk of an authenticated user being an attacker. For this purpose, the literature proposes CAuthN systems which require the processing of various types of biometric traits [6,18,20,33,71,82,88].
The continuous processing of biometric data over the course of a session and all sessions during the usage lifetime of an app or online service makes CAuthN incredibly invasive. Respecting user privacy is of utmost importance since it decides on user acceptance of a technology [61]. In addition, the processing of biometric data is subject to privacy laws, which require informing users about the processing and may even require obtaining users' consent. In this regard, research knows very little about users' privacy expectations towards CAuthN. In practice, developers are thus currently restricted to purely technical aspects when deciding on both the design of CAuthN and which biometric traits should be used. However, since privacy is highly context-dependent, it is hardly to be expected that users would accept the use of CAuthN and biometric traits equally for all services and apps. Due to the lack of insights on user privacy perceptions towards CAuthN, neither researchers nor developers have the knowledge to make well-founded design decisions beyond technical aspects. To deploy CAuthN in practice, understanding users' perceptions and privacy expectations is essential to design CAuthN solutions that respect user privacy, conform with obligations from privacy law, and are accepted by the users.
To investigate internet users' perspectives on CAuthN, we conducted a cross-sectional online survey with 830 participants from the U.S. between September and October 2022. Our research makes the following contributions: (1) We present the first comprehensive analysis of users' (privacy) risk beliefs, their trust beliefs, and their willingness to disclose biometric traits for the purpose of CAuthN. To incorporate contextuality, we used systematic manipulations in a between-subjects design to analyze user perceptions of seven different types of apps and online services commonly used in practice. (2) We provide the first empirical evidence that internet users distinguish between four groups of biometric traits with varying levels of willingness to disclose. (3) We provide evidence that context matters and that users' willingness to disclose for CAuthN varies for different types of apps and online services depending on the group of biometric traits. (4) We find that willingness to disclose is particularly high for biometric traits related to device interaction, whereas disclosure of biopotential traits (e.g., EEG) is rejected. (5) We find that users perceive the continuous disclosure of biometric traits as most acceptable for banking, payment, and cloud storage providers but least acceptable for social media, audio, and video streaming services. In this regard, users' willingness to continuously disclose individual biometric traits was positively influenced by users' beliefs that disclosure would help protect their accounts. In contrast, privacy risks perceived with the continuous disclosure and overall risk beliefs associated with processing such data by a service provider have mostly provable negative effects on willingness to disclose. (6) We found mostly no evidence for an effect on willingness to disclose for users' overall trust in a provider, their perceived risk for their account assets, and their expected vulnerability to becoming a victim of an attack. (7) Our results suggest that users would accept CAuthN independent of their awareness of potential attacks on their accounts and assets. Instead, acceptance of CAuthN appears to depend largely on beliefs about the efficacy of the measure and the risks to privacy posed by CAuthN.
Our research provides guidance to researchers and developers of CAuthN systems in deciding which biometric traits are most appropriate in terms of users' security and privacy perceptions in a specific application area. Our study results help to understand differences in user (privacy) perceptions and to respect special requirements for different application areas. In addition, our study helps to understand potential misconceptions and knowledge gaps regarding users' understanding of biometric traits.
The rest of this paper is structured as follows: first, we provide background information on CAuthN systems and summarize related work in Section 2. We then present our research model in Section 3 and our methodological approaches in Section 4. We discuss ethical considerations in Section 5. Our results are presented in Section 6 and discussed in Section 7. We highlight limitations and future work in Section 8 and conclude our paper in Section 9.

BACKGROUND
Below, we first provide a definition of biometric traits in Section 2.1. We then introduce the basics of CAuthN in Section 2.2 and discuss issues related to privacy law in Section 2.3. We then summarize related work on user perceptions of CAuthN in Section 2.4.

Biometric Data and Biometric Traits
In this study, we examine user perceptions of CAuthN systems that are based on the processing of biometric data, i.e., "biological and behavioral characteristic[s] of an individual from which distinguishing, repeatable biometric features can be extracted for the purpose of biometric recognition" (ISO/IEC 2382-37 [48]). Biometric recognition encompasses authentication scenarios such as biometric verification and identification. In CAuthN literature, the specific features are commonly referred to as biometric traits [94] and divided into physiological and behavioral traits. Examples of physiological traits include fingerprints, hand and face geometry, and retina. Examples of behavioral traits comprise hand signature, gait, keystroking, pointing, location, and brain wave. This separation aids in characterizing real-world biometric systems [15,22,32]. Although CAuthN is often linked to the use of behavioral biometric traits only, solutions exist that also continuously track physiological biometric traits [6,18,20,33,71,82,88]. We included both types of traits in our study to find out which type users would prefer in CAuthN.

Continuous Authentication Systems
Recently, technical aspects of CAuthN have been subject to an emerging number of publications in research on information security systems [1,49,88]. While the specific implementation of such systems varies, particularly in terms of the biometric data and features used, the underlying principle is mostly the same and is split into two phases [49]: (1) In the enrollment phase, the CAuthN system learns the legitimate state or behavior using biometric traits gathered from a user's interaction, e.g., by training a machine learning model. (2) After completing the training, CAuthN uses the trained model in the authentication phase to assess the biometric traits arising out of the current use of the service. When the biometric patterns observed during the authentication phase differ too much from the patterns observed in the training phase, the CAuthN system assumes illegitimate access and initiates countermeasures such as blocking access or asking for additional re-authentication.
In terms of implementation, CAuthN systems are often suggested in the context of mobile devices due to their rich sensor sets for collecting diverse biometric data [1]. Nevertheless, CAuthN systems are not restricted to a specific hardware environment and can also be deployed in Internet-of-Things scenarios [58] as well as in web application scenarios [54]. Especially behavioral biometric data can be collected and processed in a platform-independent manner.
Biometric factors are crucial components of modern authentication systems. Their usage is currently focused on the unlocking of devices [9,25,92,104]. Here, the primary objective is to enhance the usability of authentication by substituting the requirement of entering secrets, such as a password or PIN, with the disclosure of a biometric trait like a fingerprint [9]. In the context of entry point authentication systems, it is crucial to swiftly assess the authenticity of an access attempt using minimal biometric samples to make a highly accurate decision. In practice, fingerprint and facial recognition authentication methods are particularly prominent [9]. In contrast, CAuthN systems operate temporally after the initial entry point authentication and aim to ensure a user's authenticity throughout an authenticated session. To achieve this, biometric samples are continuously evaluated. This characteristic allows for incorporating additional biometric traits, particularly those falling within the realm of behavioral biometric data [82].
Whereas some work proposes that CAuthN systems replace traditional entry point authentication mechanisms like passwords [53], we consider such systems to be used as a complementary technology to strengthen account security. This is primarily due to the predominant machine learning-based detection algorithms, which are characterized by erroneous decisions, leading to the frequently used metrics False Acceptance Rate and False Rejection Rate [26]. To overcome these inaccuracies, the literature proposes using multimodal biometrics, i.e., mixing different types of biometric traits to increase the robustness of classification [82].
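The two-phase principle and the False Acceptance / False Rejection trade-off described in this section, as an added example that is not part of the original paper: a minimal detector over keystroke timings. The feature choice (hold and flight time), the z-score distance, the window size, the thresholds and all sample values are constructed assumptions for illustration.

```python
from collections import deque
from statistics import mean, stdev

# Constructed sample data: one (hold_ms, flight_ms) tuple per keystroke.
ENROLL = [(95, 140), (102, 150), (98, 135), (105, 160),
          (100, 145), (97, 155), (103, 138), (99, 148)]

# Constructed session: six keystrokes by the legitimate user, then a different
# typist takes over the already authenticated session at index 6.
SESSION = [(101, 142), (96, 152), (104, 149), (99, 139), (100, 151), (98, 144),
           (70, 210), (65, 220), (72, 205), (68, 215)]

# Constructed labelled windows for the error-rate evaluation.
GENUINE = [
    [(101, 142), (96, 152), (104, 149), (99, 139)],
    [(100, 151), (98, 144), (103, 147), (97, 150)],
    [(110, 170), (108, 165), (112, 175), (109, 168)],  # same user, atypical typing
]
IMPOSTOR = [
    [(70, 210), (65, 220), (72, 205), (68, 215)],      # clearly different typist
    [(104, 158), (106, 162), (103, 155), (107, 160)],  # typist similar to the user
]


def enroll(samples):
    """Enrollment phase: learn (mean, standard deviation) per feature."""
    return [(mean(col), stdev(col)) for col in zip(*samples)]


def score(template, window):
    """Distance of a window from the template: mean absolute z-score of the
    window's per-feature means. Higher means less like the enrolled user."""
    cols = list(zip(*window))
    return mean([abs(mean(c) - mu) / sigma for c, (mu, sigma) in zip(cols, template)])


def monitor(template, events, window=4, threshold=3.0):
    """Authentication phase: score a sliding window over the session and return
    the index of the keystroke at which re-authentication would be triggered,
    or None if the session never deviates beyond the threshold."""
    recent = deque(maxlen=window)
    for i, event in enumerate(events):
        recent.append(event)
        if len(recent) == window and score(template, recent) > threshold:
            return i
    return None


def far_frr(template, genuine, impostor, threshold):
    """False Acceptance Rate: share of impostor windows that pass.
    False Rejection Rate: share of genuine windows that are flagged."""
    far = sum(score(template, w) <= threshold for w in impostor) / len(impostor)
    frr = sum(score(template, w) > threshold for w in genuine) / len(genuine)
    return far, frr


if __name__ == "__main__":
    template = enroll(ENROLL)
    print("re-authentication triggered at keystroke", monitor(template, SESSION))
    for threshold in (1.0, 3.0):
        far, frr = far_frr(template, GENUINE, IMPOSTOR, threshold)
        print(f"threshold={threshold}: FAR={far:.2f} FRR={frr:.2f}")
```

On this data a strict threshold locks out the legitimate user's atypical window while a lax one accepts the similar typist, which is the inaccuracy that motivates combining several traits.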

Legal Considerations
Because CAuthN requires the processing of biometric data, special legal considerations must be taken into account. In this regard, privacy bills recently signed in the U.S. as well as the General Data Protection Regulation (GDPR) [29] in the European Union (EU) classify biometric data as "sensitive data" (Colorado, Connecticut, Utah, Virginia), "sensitive personal information" (California), or "special categories of personal data" (EU). Such classification always implies stricter rules for the processing than is the case for non-sensitive personally identifiable information (PII). Apart from general privacy laws, several states in the U.S. have established specific biometric privacy acts or are planning to do so [66]. Well-known examples are the Illinois Biometric Information Privacy Act [46] and the Texas Capture or Use of Biometric Identifier Act [89], both of which have led to lawsuits against Facebook, Google, and TikTok [8,42,44,77].
Regarding the use of biometric data, privacy bills in Colorado, Connecticut, and Virginia, as well as the GDPR in the EU, require making the processing of biometric data transparent and obtaining (explicit) consent from the individual. A composition of national and international supervisory data protection authorities in the EU has recently clarified that processing biometric data for identification purposes is generally subject to these requirements, too [28]. In addition, the GDPR requires conducting a privacy impact assessment. This process shall consider the perspectives of the data subjects, i.e., the perspectives of the individuals whose biometric data are processed (Article 35 (9)). While it remains to be seen whether authorities in the U.S. will adopt this view, these decisions nonetheless have implications for private entities outside Europe, as rules of the GDPR apply even when data of individuals in the EU are processed outside the EU. Looking at U.S. and EU law, it is therefore likely that users must consent to the processing of their biometric data to be used for CAuthN. This highlights the importance of respecting users' privacy perceptions when deploying CAuthN.

User Perceptions
Existing studies and surveys on CAuthN have predominantly focused on technical aspects of feature processing and classification of various biometric traits [7]. To the best of our knowledge, empirical findings on user perceptions of CAuthN are scarce and highly fragmented. In an initial attempt, two studies conducted in the 1990s investigated user preferences for different types of biometric traits among 76 individuals from Australia [22] and 175 individuals in the UK [32]. Participants in these studies favored password authentication over biometrics in general, while also preferring single-time biometric authentication over continuous supervision. Exceptions were found for keystroke analysis and mouse dynamics, for which participants showed similar levels of acceptance across single-time and continuous authentication scenarios [32]. More recently, Rasnayaka and Sim [80] surveyed 494 mobile users' intention to adopt CAuthN in the context of eleven different mobile applications. They found that participants with lower security awareness had higher intention to adopt CAuthN and two-thirds of participants thought that CAuthN offers higher convenience and security. The study also revealed differences in users' security requirements for different mobile applications, but it disregarded correlations to users' willingness to use CAuthN. The study by Skalkos et al. [86] surveyed attitudes toward CAuthN of 778 users from the U.S. in a smartphone context. They found that privacy concerns had little to moderate effect on users' appraisals of the degree and likelihood of harm from the use of biometric systems. In addition, both perceived innovativeness and perceived response efficacy of CAuthN had moderate and strong significant effects on users' intention to use CAuthN. In a similar approach, Stylios et al. [87] surveyed attitudes towards CAuthN of 545 individuals from the EU, the U.S., and Canada. Participants were familiarized with common problems in authentication and with CAuthN as part of a seminar framed by a banking scenario. In conclusion, the study verified that perceived innovativeness, compatibility of CAuthN, and trust in technology had weak to moderate positive effects on users' adoption intention. Further, privacy concerns had strong effects on perceived risk, for which, however, no significant effects on adoption intention were found. Also, the study found no impact for perceived ease of use or perceived usefulness, revealing the need to treat biometrics separately in the context of CAuthN.
Results from previous studies on user perceptions specific to CAuthN are dated and suffer from insufficient contextualization of survey instruments. In particular, research conducted before 2000 [22,32] reflects user perceptions of when biometrics were far less present than today. Furthermore, previous work either does not clearly define the application context [32,80,86,87], the differentiation between single-time and continuous authentication [86], or the type of biometric trait used [80,86,87]. To the best of our knowledge, our study is the first to systematically investigate users' perceptions across multiple types of biometric traits in different application contexts. We thereby clearly focus on using CAuthN to strengthen online account security. With our study design, we take particular care in contextualization, which has been proven to be critical in studying privacy issues [56,78]. In conclusion, our study addresses previous studies' limitations and provides new insights necessary for studying and implementing CAuthN systems.

RESEARCH MODEL
In the following, we elaborate on existing research gaps and derive our research questions and hypotheses.

Differences in Willingness to Disclose
The successful deployment of CAuthN in online services depends on users' willingness to disclose biometric data. However, users' willingness to disclose PII is known to differ between different types of PII [69]. These differences often correlate with people's privacy and risk perceptions [75]. To convince internet users to consent to the processing of biometric data for CAuthN, it is therefore crucial to understand whether and which biometric traits internet users are willing to disclose for this purpose. Previous research on biometrics has mostly examined user perceptions of individual biometric traits in the context of specific systems and has focused on physiological biometric traits only [12,13,17,36,37,52,63,74]. The studies did not compare users' perceptions of different types of biometric traits. Research including behavioral biometric traits only provides qualitative comparisons [32] and did not focus on CAuthN [22]. We address this research gap by answering the following research question:
RQ1a: Does internet users' willingness to disclose biometric traits for usage in CAuthN systems for online account protection differ between types of biometric traits?
The issue with studying differences in internet users' willingness to disclose individual biometric traits is that there are potentially many traits that cannot be examined in a single study. Privacy research addresses this issue by attempting to identify homogeneous groups of PII that reflect internet users' perceptions [47,55,72]. The benefit is that when new types of PII emerge, researchers and practitioners can use the groups as a guide to broadly classify them. We aim to provide similar utility for biometric traits and CAuthN, leading to our next research question:
RQ1b: Can different groups of biometric traits be identified which represent internet users' willingness to disclose biometric traits for usage in CAuthN systems for online account protection?
Privacy research showed that internet users' willingness to disclose is subject to contextual differences, i.e., users may be willing to disclose PII to online service X, but not to online service Y [56,78]. In this regard, internet users may be willing to disclose biometric traits for use in CAuthN for specific types of online services, whereas they refuse disclosure for others. To study the influence of the online service type on internet users' willingness to disclose biometric traits, we formulate our next research question:
RQ1c: Does internet users' willingness to disclose biometric traits for usage in CAuthN systems for online account protection differ between types of online services?

Determinants of Willingness to Disclose
In addition to understanding differences in internet users' willingness to disclose biometric data for CAuthN, we also aim to understand its determinants, i.e., the factors related to or influencing internet users' willingness to disclose (cf. Fig. 1). Our objective is twofold: first, we aim to understand the effects of factors directly associated with specific types of biometric traits, as well as the effects of factors related to the type of online service. Second, we aim to understand the differences in determinants between different types of online services. This leads to the following research questions:
RQ2a: Which factors influence internet users' willingness to disclose biometric traits for CAuthN to strengthen online account security?
RQ2b: Are there differences in the factors' effects on internet users' willingness to disclose biometric traits for CAuthN to strengthen online account security across different types of online services?
As the number of determinants of users' willingness to disclose can be excessive, we limit our investigation to a set of factors derived from previous work, on which we then built a theoretical model. Basically, the model assumes that users' willingness to disclose a biometric trait is affected by (1) the gain of security due to CAuthN, (2) the loss of privacy due to the disclosure of the biometric trait, and (3) the context of an online service that is to be secured. Details of the model and our hypotheses are presented below.
Olt and Wagner [79] recently investigated the tension between the gain of security and the possible loss of privacy in the context of an online backup service. They combined the theory of goal-directed behavior [14] and the threat avoidance theory [65]. We adopted their results, indicating that the goal of security is represented by the impact of a security incident and its susceptibility. We thus hypothesize that the risk related to unauthorized access to an online account and its susceptibility promote users' willingness to disclose biometric traits for CAuthN:
H1a: A high level of a perceived risk that the asset secured by a private user account gets compromised due to unauthorized access has a positive effect on users' willingness to disclose biometric traits to be used in CAuthN.
H1b: A high level of susceptibility to unauthorized access on a user account leads to a positive effect on users' willingness to disclose biometric traits to be used in CAuthN.
In our study, we model a scenario where an online service provider processes the users' biometric traits to perform CAuthN. The online service provider thus is the recipient of the user's PII. Considering users' information privacy concerns, risk and trust related to the appropriateness of data handling must be respected, especially when comparing willingness to disclose between different online service types [68]. Previous work indicates that user acceptance of biometric passports depends on user trust in the technology and in the entities operating the technology [36]. Thus, we hypothesize that trust and risk related to the appropriate handling of biometric data disclosed for CAuthN affect users' willingness to disclose biometric traits:
H2a: A high level of trust in the appropriate handling of biometric traits by an online service provider has a positive effect on users' willingness to disclose them.
H2b: A high level of risk related to the misuse of biometric traits by an online service provider has a negative effect on users' willingness to disclose them.
When it comes to coping with security threats, the perceived effectiveness of a mechanism plays an important role when users select mitigation strategies [79,98]. Previous surveys showed that users' perceived usefulness is one of the strongest determinants of user attitudes towards biometric technology in general [37]. We thus assume that, besides weighing up security and privacy goals, the response efficacy of a given type of biometric trait influences users' willingness to disclose it for CAuthN:
H3: A high level of perceived response efficacy related to CAuthN using a given type of biometric trait has a positive effect on users' willingness to disclose it.
The willingness to disclose PII is affected by their sensitivity regarding users' privacy [91]. We thus hypothesize that the individual level of perceived privacy risk for a given type of biometric trait affects users' willingness to disclose:
H4: A high level of perceived risk for users' privacy related to a type of biometric trait has a negative effect on users' willingness to disclose this trait to be used in CAuthN.

METHODOLOGY
To examine our research questions and hypotheses, we conducted an online survey with 830 participants from the U.S. between September and October 2022. The data were analyzed quantitatively using appropriate statistical methods. In the following, we provide details on the study design and the measurement instruments.

Selection of Biometric Traits and Online Services
The scope of potential candidate biometric traits and online service types to study is inherently large. We thus focused on biometric traits whose suitability for CAuthN had already been studied. When selecting the online services, we took care to ensure that they were sufficiently diverse and used by a sufficiently large user group. Hence, our decisions to include or exclude biometric traits and online services were based on an iterative process. First, we extracted potential biometric traits from surveys on CAuthN and biometric authentication for information systems [6,18,20,33,71,82,88]. In a two-step approach, we first verified that the systems presented used the traits in a continuous manner and not as a replacement for entry-point authentication. We then grouped them according to the similarity of their sources, such as wrist and phone movements. The final list included 15 biometric traits and was used to assess users' willingness to disclose, response efficacy, and privacy risks in a between-group study design (cf. Table 1). This approach aimed to investigate how the characteristics of various online services or apps influence our participants' perceptions. In particular, we were interested in the impact of different levels of online service-specific perceptions regarding perceived security demands and appraisals regarding the handling of biometric data by a provider. In order to identify suitable online services, we assessed the usage frequencies of 13 types of online services in a screening study using a scale comprising "never," "less than monthly," "monthly," "weekly," and "daily." We excluded service types if fewer than 100 participants reported using them weekly or daily. We further analyzed the respondents' age and sex for imbalance and excluded service types with significant accumulations. The final set of service types comprises Banking / Payment, Cloud Storage, Online Shopping, Messaging, Social Media, Video Streaming, and Music Streaming.
Table 1: Final selection of biometric traits and explanations provided to the participants.

| Biometric Trait | Source | Explanation used in the survey |
|---|---|---|
| Keystroke Dynamics | [100] | The way you use a keyboard (e.g., how long you hold down a certain key). |
| Mouse Dynamics | [101] | The way you use a mouse (e.g., how long you hold down a mouse button or how fast you move the mouse pointer). |
| Touch Dynamics | [99] | The way you use a touchscreen (e.g., how lightly/strongly and how long you touch the screen). |
| Device Movement | [59] | Information on how your device moves while you use it. |
| Gait | [85] | Information on how your device (e.g., smartphone or smartwatch) moves as you walk or move. |
| Location Data | [85] | Information about your location, e.g., via GPS. |
| Connectivity Data | [35] | Information about what Wi-fi networks or Bluetooth devices are available in your surroundings. |
| Usage Profile | [54] | What functions of an application you use at what time. |
| Device Statistics | [76] | Hardware information of your device such as the energy consumption. |
| Fingerprint Recognition | [11] | Fingerprint sensor data. |
| Iris Recognition | [21] | Webcam images of your eyes. |
| Face Recognition | [19] | Webcam images of your face. |
| Voice Recognition | [27] | Audio data recorded with the microphone of your device. |
| Electroencephalogram (EEG) | [95] | Data from a sensor that monitors the activity of your brain. |
| Electrocardiogram (ECG) | [70] | Data from a sensor that monitors the activity of your heart (e.g., in a smartwatch). |

Study Design and Procedure
We used a between-group design to compare user perceptions towards CAuthN for different types of online services, as it circumvents cross-over effects and keeps the workload to a minimum for our participants. We used a screening study to gather the full sample and elicit basic demographics. We also asked our participants to rate their usage frequency of different online services. Results from the screening study were used to split our sample into homogeneous groups with respect to demographic variables. The usage frequency of online services was used to assign participants to a treatment condition, i.e., a specific type of online service. We thereby mapped participants to a service type they stated to use weekly to daily to avoid making the study seem too abstract to our participants.
In the main study (cf. Fig. 2), we first contextualized our participants by asking them to provide up to three actions they usually perform with the online service type they were assigned to. We then asked them to rate the risk of an unauthorized entity accessing their online service account and the susceptibility of such an incident. In the next step, participants were introduced to CAuthN and biometric traits by watching a short explanation video on CAuthN. The video explained the risk of an authenticated session takeover in a scenario where an attacker gets unauthorized access to an online account through gaining access to a device holding an authenticated session. CAuthN performed by the online service provider was proposed as mitigation. The rationale for choosing this scenario is twofold. Primarily, it enables the study of user perceptions in relation to the novel key features of CAuthN systems, in particular the additional security provided by the continuous protection of the authenticity of an active session that has already been authenticated. Second, by choosing a scenario where the biometric traits are disclosed to the online service or app provider to perform CAuthN, we wanted to ensure that our results were not influenced by the technical knowledge of our participants. Previous research has shown that new security mechanisms can be susceptible to misunderstandings that can affect how participants evaluate the privacy and security of a system [62]. We therefore reduced complexity by choosing a worst-case scenario. However, we would point out that alternative and privacy-enhancing approaches to CAuthN are feasible, in which biometric data is processed primarily or entirely locally on the client device.
We adapted the explanation videos to the specific online service types by naming them in the voiceover and accompanying text and by using logos of popular example services. After the video, participants had to solve a quiz comprising five questions on the idea of CAuthN. They were allowed to watch the video again if necessary. After the quiz, participants were shown if they answered correctly. In case of an incorrect answer, we provided them with the correct solutions and additional explanations.
After familiarizing the participants with the context of the online service type and the concepts of CAuthN and biometric traits, we asked them to rate their willingness to disclose, perceived response efficacy, and loss of privacy due to disclosure to the service provider for each of the biometric traits. We provided short descriptions (cf. Table 1) and icons. Afterward, participants were asked about the risk and trust related to the appropriate handling of biometric data by the online service provider. The survey closed with questions about general security attitudes and information privacy concerns.
To design our study, we used established measurement instruments from the literature and adapted them to our needs (cf. Table 2). We used items from [50,68] to assess Risk Asset, Susceptibility Asset, Trust Provider, and Risk Provider. Items for Risk Asset, Trust Provider, and Risk Provider were measured on a seven-point scale. Susceptibility Asset was measured on a 5-point scale. Willingness to Disclose, Response Efficacy, and Privacy Risk were measured individually for each type of biometric trait using sliders in the range of zero to 100. We further included the scale Self-Report Measure of End-User Security Attitudes (SA-6) [30], and the scale Internet Users' Information Privacy Concerns (IUIPC) [68]. Instead of using the original IUIPC-10, we used the IUIPC-8 with two items removed due to its better factorial validity and reliability [34]. SA-6 was measured on a 5-point scale and IUIPC-8 on a 7-point scale, respectively. For each service type, we adapted the questions, items, and explanations used by substituting the service type only. For example, instead of "your favorite cloud storage website or mobile app" we used "your favorite banking & payment website or mobile app." We decided not to limit the scenario in our study to a specific device type, to let participants assume their usual usage behavior (mobile or not), and not to limit the types of biometric traits, as it would not be appropriate to assess, e.g., mouse dynamics in a mobile-only study. We follow results from [83], indicating that users' usage behavior regarding tasks to accomplish or security concerns did not significantly differ between mobile and laptop use.
Our study design, all texts, and the questions and items in our surveys were reviewed by other researchers in our institution who have expertise in topics on RBA, CAuthN, and conducting online surveys. Furthermore, the content was revised by a native speaker from the U.S. to ensure that the explanations and questions make sense to the target population, i.e., internet users from the U.S. In addition, we conducted a pilot study with 30 participants to test our survey and improved descriptions and presentation. An outline of the final questionnaire is available in Appendix A.

Table 2: Constructs used in the survey and their definitions.

| Construct | Definition |
|---|---|
| Willingness to Disclose | Willingness to continuously share biometric trait  with a website or mobile app of type  to improve account protection. |
| Response Efficacy | Belief that continuously sharing biometric trait  with a website or mobile app of type  improves account protection [50]. |
| Privacy Risk | Perceived privacy risk when continuously sharing biometric trait  with a website or mobile app of type  to improve account protection. |
| Risk Asset | Risk beliefs associated with someone getting unauthorized access to an account at a website or mobile app of type  [68]. |
| Susceptibility Asset | Probability of someone getting unauthorized access to an account at a website or mobile app of type  [50]. |
| Trust Provider | The degree to which participants believe the provider of a website or mobile app of type  is dependable in protecting their biometric trait  [68]. |
| Risk Provider | The expectation that a high potential for loss is associated with the release of biometric trait  to the provider of a website or mobile app of type  [68]. |

Participant Recruitment
We recruited our participants via the online panel Prolific. The panel allowed us to include screening filters for internet users located in the U.S. and to obtain a sample balanced by participant sex. If participants in our screening study agreed to participate in our main study, we re-invited them using a pseudonymous user identifier provided by the Prolific platform. In total, 1219 participants participated in our main study. To clean our data, we removed participants who failed attention checks or did not provide an answer for the biometric trait-related items WTD, Privacy Risk, and Response Efficacy. We further decided to exclude participants who failed to give the correct answers to the quiz about CAuthN. By doing so, we aimed to ensure that all participants in the analyses understood the principle of CAuthN as a technology that can improve their account security. The final dataset consists of 830 participants across seven study conditions (cf. Table 3 for distribution). The response time for valid surveys averaged 14.1 minutes (median = 12.5 minutes).

ETHICAL AND LEGAL CONSIDERATIONS
Our institution is in the EU and has no formal IRB process. However, we followed the strict rules of our national and European privacy regulations. Our study was reviewed and approved by our institution's data protection officer. We used pseudonymous user-IDs provided by the recruiting platform to map participants between the pre-screening and the main study. The user-IDs do not allow for direct identification. We informed our participants about the data collected at the beginning of both survey parts and asked them for informed consent. Each question included a "prefer not to answer" option. Respecting the minimum wage in the U.S. at the time of the study, participants were paid $15 per hour adjusted to the median completion time of the study condition attended. Participants' data were stored and backed up on encrypted hard drives only.

RESULTS
In this section, we present the results and describe the analyses performed. Except for the structural equation modeling, all analyses were performed with R v4.2.1. Structural equation modeling was done with SmartPLS 4.

Demographics
Our participants' demographics are summarized in Table 4. A summary of all subsamples is available in the Appendix (cf. Table 6). Overall, our sample is balanced by female and male participants. Half of our participants were between 28 and 46 years old ( = 38.2, = 13.2). Our sample is characterized by white ethnicity and high levels of education, with 55% having an undergraduate degree or higher. We used chi-square tests of homogeneity to identify significant differences in demographic distributions across the treatment groups. Except for employment status ( 2 (36, n = 830) = 55.9, p = .017), we could reject the hypothesis of proportions being different across the study conditions. Considering effects of privacy concerns or security attitudes, we also tested for proportional differences in the ratings for IUIPC-8 and SA-6. A chi-square test on both constructs showed no significant differences (IUIPC-8:

Characteristics of Online Service Types
We used the between-group study conditions to frame participants with different levels of Risk Asset, Risk Provider, and Trust Provider.
For analysis, we first checked for significant differences between online service types using a Kruskal-Wallis rank sum test and examined the effect size [43,90]. Running a Dunn's test with Bonferroni correction for pairwise comparison revealed significant differences between the between-group conditions (cf. Fig. 3, details in Appendix Table 7) [23]. We chose robust statistical tools to respect the non-normality of our participants' ratings.
The risk associated with unauthorized access to an account (Risk Asset) was rated highest for Banking / Payment and Online Shopping, followed by Messaging, Cloud Storage, and Social Media. Risk Asset for Video and Music Streaming was ranked lowest. A pairwise comparison revealed significant differences ( < .05) except between Banking / Payment and Online Shopping; Cloud Storage and Messaging; Online Shopping and Social Media; Messaging and Social Media; and Music Streaming and Video Streaming (cf. Appendix Table 8).
Participants' perceived risk related to the provider's inappropriate handling of biometric traits (Risk Provider) was significantly lower for Banking / Payment and Cloud Storage than for Messaging, Social Media, Music and Video Streaming ( < .05). In contrast, we found significantly higher ratings of trust in the appropriate handling of data (Trust Provider) for Banking / Payment and Cloud Storage than for Messaging, Social Media, and Video Streaming ( < .05).

Factorial Analysis of Willingness to Disclose Biometric Traits
Analyzing the results for 15 types of biometric traits in seven online service types can lead to rather complex results with little practical meaning. In preparation for answering RQ1b, we decided to first identify groups of biometric traits with similar user perceptions. Since we expect our participants' ratings for WTD to depend on the context of an online service type and thus differ between study conditions, a global clustering would not be appropriate. Clustering the ratings separately for each online service type would respect our assumptions; however, it would limit the explanatory value and the practical use, especially if the clusters differ between online service types. We chose an Exploratory Factor Analysis (EFA) combined with a Confirmatory Factor Analysis (CFA) [38] applied to participants' ratings for willingness to disclose (WTD) since we expect groups of biometric traits to be assessed similarly by users due to an underlying latent factor originating from the characteristics of the biometric traits in question. We split our sample in half to identify the latent factors with the EFA, and to validate our results using the CFA based on independent subsamples. We verified that both subsamples (N EFA = 417, N CFA = 413) had nonsignificant differences in demographics, IUIPC-8, and SA-6 scores. We followed guidelines by Hair et al. [38] and Zygmont and Smith [105] to set up and analyze both the EFA and CFA.
To perform the EFA, we first assessed and confirmed the factorability using the Kaiser-Meyer-Olkin criterion (KMO = .916) and Bartlett's test of sphericity ( 2 (91) = 4916.076, < .001) [24]. To approximate the number of factors to be extracted, we used a parallel analysis, the Root Mean Square Error of Approximation (RMSEA), as well as the Akaike Information Criterion (AIC) and the Bayesian Information Criterion (BIC) [41]. The factor retention criteria suggested extracting between 4 and 5 factors. We fitted models using the EFA dataset and used Promax as an oblique factor rotation, since we expected that users' willingness to disclose a specific type of biometric trait correlates with a user's overall "latent" willingness to disclose biometric data. Due to the mostly skewed data, we used an Ordinary Least Squares (OLS) factor analysis [105]. Since using five factors did not lead to relevant loadings on all factors, we continued iteratively refining the model using four factors. To confirm the factors identified with the EFA, we ran a CFA on the second subsample using a robust maximum likelihood estimator to account for outliers and non-normal distribution of the data. The model fit indices show a good model fit, and the indicators for construct reliability support the assumption that the factors found can be considered resilient (cf. Table 5). We interpreted the results of EFA and CFA and labeled the latent factors influencing users' willingness to disclose different types of biometric traits as follows:
Device Interaction Behavioral Traits: With loadings on Mouse Dynamics, Keystroke Dynamics, Touch Dynamics, and Device Movement, this factor describes behavioral biometric traits resulting from users' physical interaction with a device. The EFA additionally considers Gait as an indicator but with a rather low loading ( = .4), which is why we decided to exclude this trait from further analysis. Our participants rated the Device Interaction traits with a low level of privacy risk and a medium level of response efficacy.
Body-Related Physiological Traits: All related to physiological characteristics of an individual, Face, Iris, Fingerprint, and Voice Recognition are classical traits known as physiological biometric traits. The Body-Related group was assessed with the highest rating for privacy risk and the highest level of response efficacy.
Profiling-Related Behavioral Traits: The third factor identified groups of behavioral biometric traits resulting from users' interaction with apps and services. The biometrics grouped under this factor include general Profiling of usage patterns, Connection Data, Device Statistics, and Location Data. Different from the factor Device Interaction, this group of behavioral biometric traits is less related to an active interaction with hardware but with data originating from apps running on the device. Profiling-Related traits were rated with a medium response efficacy and a medium to high level of privacy risk.
Biopotential Physiological Traits: The two biometric traits EEG and ECG are suggested to be an additional factor. Even though they are related to the human body, the CFA clearly separates them from the factor Body-Related traits. Since this factor only consists of two indicating variables with strong correlation ( = .8), we excluded it from our structural model described in Section 6.6. The traits in this group were rated with the lowest level of response efficacy observed and have been assessed with a medium to high level of privacy risk.
Regarding RQ1b, we conclude that biometric traits can be grouped according to internet users' willingness to disclose. Our results suggest that users differentiate between four broad types of biometric traits: (1) Device Interaction, (2) Body-Related, (3) Profiling-Related, and (4) Biopotential.

Intra-Service Differences in Willingness to Disclose (WTD)
To study differences in willingness to disclose biometric traits under RQ1a, we compared the mean average scores for each group of biometric traits identified in the previous step (cf. Fig. 4, details in Appendix Table 9). To respect contextual differences between conditions, we conducted seven within-group comparisons, one for each online service type. We chose robust methods since participants' ratings resulted in mostly skewed data from partially extreme high or low ratings. The comparison of means was conducted by computing robust one-way repeated measures ANOVA for trimmed means and resulted in significant differences for all survey conditions. A Yuen's test for trimmed means [2] showed small to large effects. The corresponding post-hoc tests for pairwise comparisons [97] showed significant differences for most groups of biometric traits as outlined in the following (cf. Appendix Tables 10-16).
Except for the Banking / Payment condition, the overall ranking of WTD was Device Interaction, Profiling-Related, Body-Related, and Biopotential, with the latter having the lowest ratings (cf. Fig. 4). In the Banking / Payment condition, participants' WTD for Body-Related traits was remarkably high, resulting in no significant differences to Device Interaction and Profiling-Related traits. The pairwise comparisons for the remaining study conditions showed significant results except for Body-Related and Profiling-Related in Messaging, as well as for Device Interaction and Profiling-Related in Video Streaming. The latter was caused by a noticeably low rating for Device Interaction biometrics for Video Streaming.
Regarding RQ1a, we conclude that internet users' willingness to disclose biometric traits for CAuthN differs depending on the type of trait used. Our results suggest that for most online service types, users prefer Device Interaction biometrics over Body-Related and Profiling-Related ones. Using Biopotential traits is predominantly rejected.

Biometric Traits in Different Contexts
We examined the ratings for groups of traits between study conditions to investigate differences in willingness to disclose biometric traits between different service types (cf. Appendix Table 17). To respect the skewed data for WTD, we used Kruskal-Wallis rank sum test and Dunn's test with Bonferroni correction for pairwise comparison as corresponding post-hoc analysis applied on the mean average scores for each group of biometric traits [23,43]. A pairwise comparison of Device Interaction biometrics across the study conditions revealed that for Video Streaming, the willingness to disclose these types of biometric traits was significantly lower than for all other online service types except for Music Streaming. Profiling-Related traits were rated lowest for Social Media. We found significant differences compared to Banking and Cloud Storage. The latter received the highest ratings for all service types, which was, besides Social Media, also significantly higher than for Video Streaming. The Biopotential traits received low ratings for all study conditions. Nevertheless, there were differences between both Banking / Payment and Cloud Storage and Video Streaming, with lower ratings for the latter. Also, willingness to disclose was significantly

[Figure legend: DI: Device Interaction, PR: Profiling-Related, BR: Body-Related, B: Biopotential. Numbers correspond to the mean.]

Even though an absence of significance is no proof of equality, the small effect sizes for Profiling-Related ( 2 = .024) and Biopotential traits ( 2 = .023) indicate a rather low impact of service types on users' willingness to disclose those types of traits. The significantly low ratings for Device Interaction traits in the Video Streaming condition result in a bigger but still "small" effect ( 2 = .043) [16]. The high ratings for Body-Related traits in the Banking / Payment and Cloud Storage condition lead to a moderate effect size ( 2 = .093) and show that the context of use must not be disregarded without differentiating the type of biometric trait.
Regarding RQ1c, we conclude that internet users' willingness to disclose biometric traits for CAuthN depends on the context of the online service type.
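The between-condition procedure named in this section and in the earlier service-type comparison (a Kruskal-Wallis rank sum test followed by Dunn's test with Bonferroni correction), as an added Python illustration that is not the authors' R analysis. The ratings are constructed, and the eta-squared effect size computed from H is an assumed choice, since the formula used in the study is not stated here.

```python
import math
from itertools import combinations

# Constructed 0-100 slider ratings for three service types (not the study's data).
RATINGS = {
    "Banking / Payment": [82, 75, 90, 68, 77, 85],
    "Social Media": [35, 42, 20, 55, 30, 48],
    "Video Streaming": [28, 35, 15, 40, 22, 45],
}


def rank_groups(groups):
    """Pool all ratings, assign midranks (ties share the average rank) and
    return (mean rank per group, group sizes, N, sum of t^3 - t over ties)."""
    pooled = sorted((v, name) for name, vals in groups.items() for v in vals)
    n_total = len(pooled)
    rank_sums = {name: 0.0 for name in groups}
    tie_term = 0
    i = 0
    while i < n_total:
        j = i
        while j + 1 < n_total and pooled[j + 1][0] == pooled[i][0]:
            j += 1
        midrank = (i + j) / 2 + 1  # average of the 1-based ranks i+1 .. j+1
        for k in range(i, j + 1):
            rank_sums[pooled[k][1]] += midrank
        t = j - i + 1
        tie_term += t ** 3 - t
        i = j + 1
    sizes = {name: len(vals) for name, vals in groups.items()}
    means = {name: rank_sums[name] / sizes[name] for name in groups}
    return means, sizes, n_total, tie_term


def chi2_sf(x, df):
    """Upper-tail chi-square probability via the incomplete-gamma series."""
    a, y = df / 2.0, x / 2.0
    if y <= 0:
        return 1.0
    term = total = 1.0 / a
    for n in range(1, 2000):
        term *= y / (a + n)
        total += term
        if term < total * 1e-15:
            break
    lower = total * math.exp(-y + a * math.log(y) - math.lgamma(a))
    return max(0.0, 1.0 - lower)


def kruskal_wallis(groups):
    """Tie-corrected H statistic, its p-value and an H-based eta squared."""
    means, sizes, n, tie_term = rank_groups(groups)
    k = len(groups)
    h = 12.0 / (n * (n + 1)) * sum(sizes[g] * means[g] ** 2 for g in groups)
    h -= 3 * (n + 1)
    h /= 1.0 - tie_term / (n ** 3 - n)  # correction for tied ratings
    # Assumed effect size: eta squared based on H, (H - k + 1) / (N - k).
    return {"H": h, "df": k - 1, "p": chi2_sf(h, k - 1),
            "eta_sq": (h - k + 1) / (n - k)}


def dunn_bonferroni(groups):
    """Pairwise Dunn z statistics with Bonferroni-adjusted two-sided p-values."""
    means, sizes, n, tie_term = rank_groups(groups)
    base_var = n * (n + 1) / 12.0 - tie_term / (12.0 * (n - 1))
    pairs = list(combinations(groups, 2))
    results = {}
    for a, b in pairs:
        se = math.sqrt(base_var * (1 / sizes[a] + 1 / sizes[b]))
        z = (means[a] - means[b]) / se
        p_raw = math.erfc(abs(z) / math.sqrt(2))  # two-sided normal p-value
        results[(a, b)] = {"z": z, "p_adj": min(1.0, p_raw * len(pairs))}
    return results


if __name__ == "__main__":
    omnibus = kruskal_wallis(RATINGS)
    print("H = {H:.3f}, df = {df}, p = {p:.4f}, eta^2 = {eta_sq:.3f}".format(**omnibus))
    for (a, b), r in dunn_bonferroni(RATINGS).items():
        print(f"{a} vs {b}: z = {r['z']:.2f}, adjusted p = {r['p_adj']:.4f}")
```

The Bonferroni step multiplies each raw p-value by the number of pairwise comparisons and caps it at 1, which is why two conditions with close mean ranks can end with an adjusted p of exactly 1.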

Structural Model of Willingness to Disclose
We used Partial Least Squares based Structural Equation Modeling (PLS-SEM) to explore factors influencing users' willingness to disclose biometric traits for CAuthN (RQ2a). We chose PLS-SEM over Covariance-based Structural Equation Modeling (CB-SEM) because we aimed to test our hypothetical framework, consisting of 13 constructs that originate from data with a lack of normality (cf. Fig. 1). Each model has three endogenous variables, i.e., WTD Body-Related, WTD Profiling-Related, and WTD Device Interaction. Each WTD is connected with its corresponding privacy and response efficacy. Additional determinants modeled were the online service type specific Risk Asset, Susceptibility Asset, Risk Provider, and Trust Provider. Since one measurement model references a single online service type, we ran seven models to examine contextual influences using a multigroup analysis for answering RQ2b.
We assessed the measurement models and resulting structural models following guidelines by Hair et al. [39]. Overall, the seven measurement models showed reflective indicator loadings > .7, indicating acceptable item reliability. Few exceptions with weaker loadings were found for measurement models in all conditions, but we still deemed the constructs acceptable because we could not identify patterns across all conditions. Internal consistency reliability   of four measurement models was between Cronbach's Alpha as the lower bound and the composite reliability as the upper bound, indicating sufficient construct reliability. Three models had constructs with   outside the recommended bounds (Susceptibility Asset in Music Streaming and Risk Asset in Banking / Payment and Social Media), indicating limited composite reliability for the constructs affected. Convergent validity of the measurement constructs showed an appropriate average variance extracted (AVE > .5) except for Risk Asset in the Banking / Payment and the Social Media model. Discriminant validity was confirmed since the Heterotrait-Monotrait (HTMT) ratio of the correlations was < .85, except for one outlier of .87 for two conceptually similar constructs. The Variance Inflation Factor (VIF) for all predictor constructs was lower than 3.33, indicating no collinearity issues.  2 values for the endogenous constructs were in the range [.4, .7] and attested to the models' moderate to substantial explanatory power. The endogenous constructs'  2 values were in the range [.3, .6] and can be rated as medium to large predictive accuracy. PLSpredict-based assessment of the models' predictive power resulted in  2 predict values > 0, and a higher error rate in terms of RMSE for the linear regression model than for the PLS-SEM in all cases and thus showed a high predictive power. To test our hypotheses, we assessed the structural models' path coefficients and their -values resulting from a bootstrapping with 5000 subsamples (cf. Fig. 5, details in Appendix Tables 18-24).
For Risk Asset, we only found one significant path pointing to the WTD of Body-Related traits in Video Streaming. Since the coefficient is rather low (.17), we reject our hypothesis H1a and conclude that for our sample, the risk related to unauthorized access to an account does not play a major role when deciding to disclose biometric traits. Since the results do not show a significant path coefficient for the influence of Susceptibility Asset on the WTD at all, we also have to reject our hypothesis H1b. The influences of risk and trust related to the appropriate handling of biometric traits by the provider are diverse, especially between the service types. While Trust Provider had a significant positive effect on the WTD, Risk Provider showed a negative effect. For Trust Provider, we only found significant paths to Device Interaction biometrics in the Cloud Storage and Video Streaming conditions, as well as for Profiling-Related traits in Messaging. We, therefore, could only partially confirm hypothesis H2a. The number of significant paths increases for Risk Provider. We found significant paths for all groups of biometric traits in the conditions of Banking / Payment, Online Shopping, and Social Media. Since there are combinations of groups of traits and online service types with no significant paths between Risk Provider and WTD, we could, again, only partially confirm hypothesis H2b. We identified significant paths for response efficacy and privacy risk in all groups of traits across all study conditions and thus could fully confirm hypotheses H3 and H4. While response efficacy promoted our participants' WTD, the perceived risk for participants' privacy showed a negative effect.
Regarding RQ2a and RQ2b, we identified different factors influencing internet users' willingness to disclose depending on the online service type. Overall, we find no evidence that users' perceived susceptibility and risk associated with the asset of an online service type, nor trust in the provider, have a significant effect on users' willingness to disclose biometric traits for CAuthN. Yet, we find partial evidence that users' perceived risk associated with inappropriate handling of biometric data by the provider has a significant effect on their willingness to disclose. Its effect varies between online service types as well as between groups of biometric traits. Moreover, we find evidence that privacy risks and response efficacy have weak to moderate effects on participants' willingness to disclose biometric data for CAuthN.

DISCUSSION
To answer our research questions under RQ1, we examined internet users' willingness to disclose biometric data for CAuthN. Indeed, we find that willingness to disclose differs significantly among different types of biometric traits (RQ1a). Based on empirical evidence, our results suggest that internet users differentiate between four groups of biometric traits (RQ1b). In this regard, we find that in most online service contexts, participants preferred Device Interaction traits to be used over Body-Related and Profiling-Related ones but rejected the use of Biopotential traits. Furthermore, we showed that participants' willingness to disclose those groups of traits depends on the online service context (RQ1c). In particular, we find that users' willingness to disclose Body-Related traits is higher in the Banking / Payment and Cloud Storage conditions compared to other contexts. Our findings have important implications for research and practice, as they show that previous studies that survey individual biometric traits or simply ask questions such as "Are you willing to disclose biometric data?" compromise generalizability and validity. The varying perceptions of biometric traits in different use cases highlight the importance of contextualizing study settings. For instance, results obtained in the context of an online banking scenario (e.g., [87]) cannot be readily extrapolated to other use cases. In addition, instead of comparing individual biometric traits like previous research [32], the identified groups allow for more generic conclusions. Based on inspection, the four groups still apply to previous research findings and allow for categorizing future biometric traits, which are not yet available. Consequently, we are confident that the results of our study enable a user-centric impact assessment of various types of CAuthN systems. In particular, the observed differences in willingness to disclose different types of biometric traits have implications for users' acceptance of a particular CAuthN system. For instance, it can be assumed that the use of Body-Related biometrics in contexts such as social media or online shopping would be perceived as inappropriate. In the case of multimodal CAuthN systems [82], i.e., a system combining different biometric traits, our findings become particularly relevant. For example, when combining keystroke dynamics (Device Interaction) and face recognition (Body-Related) [84], users are likely to evaluate the overall system based on the biometric trait they perceive as most privacy-invasive. To ensure high acceptance, multimodal systems could combine features solely from the same group, e.g., either Device Interaction or Body-Related. In such a case, our findings help select the most appropriate group of biometric traits according to the context of an application while respecting users' (privacy) preferences.
Regarding our research questions under RQ2 and our hypotheses H1-H4, we examined which factors influence our participants' willingness to disclose biometric traits for CAuthN systems. We found no evidence that participants' perceived risk associated with unauthorized access to their account has an effect on their willingness to disclose. Likewise, we find no evidence for perceived susceptibility either. Rather, our results suggest that subjects weigh the perceived efficacy of a biometric trait against the loss of privacy associated with disclosing biometric data for CAuthN.
Our survey instrument does not allow us to make statements about the reasons why participants perceive a loss of privacy when providing biometric data to the operator of an app or online service for CAuthN. However, in essence, the disclosure of biometric data entails a loss of control over them. This can lead to various privacy risks for the self-disclosing subject. For instance, data may unintentionally leak due to a security breach, government authorities may gain access through legal regulations, or unscrupulous service providers may intentionally share or sell the data illegally. The identified groups of biometric traits not only differ in their willingness to disclose but also in the potential privacy risks associated with disclosure or misuse. Body-Related traits, such as fingerprints, are characterized by their immutability [81]. Losing control over such data can have far-reaching consequences, as biometric systems are used in various aspects of life, such as border control [60]. Biopotential traits fall under the category of health data. Potential privacy risks here can be quite diverse. For instance, EEG data can reveal not only information about age and gender but also neurological conditions or medication usage [45]. Profiling-Related traits are already used in web tracking for user analysis or the provision of specific services, allowing inferences about an individual's life circumstances [10,57,64]. In contrast, traits from the Device Interaction group have limited information content but still enable the recognition of a person based on their behavior [40]. The averaged assessment of the loss of privacy when disclosing different groups of biometric traits shows a consistent ranking across all service types (cf. Appendix Table 9). Respondents perceive the highest loss of privacy with Body-Related traits, followed by Biopotential traits, Profiling-Related traits, and Device Interaction traits. Biometric traits directly linked to the physical identity of the respondents are generally considered more sensitive. It remains uncertain whether our participants were truly aware of the specific privacy risks, as, for example, the analysis possibilities of EEG data as representatives of the Biopotential group require expert knowledge. However, the overall ranking suggests that our participants may have intuitively assessed the potential privacy risks adequately.
Depending on the type of online service, we also observed that participants' perceived risk associated with the processing of biometric data by the online service provider had a negative impact on the willingness to disclose biometric traits for CAuthN purposes. Given the consistent ranking of privacy risks associated with the type of biometric traits, the perception of risk associated with an authenticating service provider holds the highest relevance, which seems to be different from traditional non-biometric authentication methods. Thus, when a CAuthN mechanism is employed by a provider associated with a high risk perception, it can lead to reduced acceptance of this technology. Our findings suggest that the use of CAuthN in Single Sign-On services offered under the name of a social media platform (e.g., Facebook [73]) may result in limited acceptance. To employ CAuthN for a wide range of online services, the adoption of a particularly trustworthy, central identity provider may be necessary. However, we note that these assumptions need further investigation. Structural equation modeling further revealed that effects differ for the same factor for different types of online services (i.e., contextual differences) as well as for different types of biometric traits. Thus, both aspects seem to be crucial in our participants' decision to disclose biometric traits. For example, effects of response efficacy on Body-Related traits are consistently lower compared to other groups of biometric traits (cf. Fig. 5). This could be due to the fact that biometric authentication based on fingerprints or facial recognition is widely deployed in consumer products, which makes perceived efficacy of Body-Related traits in protecting accounts more apparent or understandable to lay users. We assume that once CAuthN systems based on Device Interaction and Profiling-Related traits are deployed more widely, the effect of response efficacy on willingness to disclose will decrease. Similarly, assuming that factors with negative effects on willingness to disclose, such as general privacy risk and provider-related risk, remain constant, the relevance of privacy-related perceptions in the decision-making process increases.
Comparing traditional biometric authentication systems and CAuthN systems suggests that users evaluate them based on the type of authentication mechanism and the system they are securing. Traditional biometric authentication has historically been examined as a replacement for password or PIN-based entry point authentication [9,25,92,104]. Researchers often concluded that participants' evaluations of appropriateness and willingness to use can be linked to the respondents' experience with corresponding biometric traits [31,51,93,102,103,104]. Our respondents do not seem to have applied this strategy, as it is unlikely that they have consciously gained experience with authentication systems using Device Interaction or Profiling-Related traits. As a result, users prefer Body-Related traits over Device Interaction traits for traditional biometric authentication, unlike what we observed for CAuthN [25,31,102]. Traditional biometric authentication has predominantly been studied in the context of device authentication [9,25,92,104]. Recent investigations considered biometric traits for entry point authentication in the context of various online services [103]. Researchers found that the context of the online service influenced the respondents' preferences, but the applied study design did not allow drawing conclusions about the causes. Our study helps to bridge this gap since the structural equation model demonstrates that the primary factor influencing context-dependent evaluations is the perceived risk with a service provider's processing of biometric data.

LIMITATIONS AND FUTURE WORK
Our study is limited to U.S. citizens on the platform Prolific. While we ensured a homogeneous sample in terms of basic demographics, the population we studied is unique, limiting the generalizability of our findings. Due to resource constraints, we had to make this tradeoff, but we provided detailed demographic characteristics of our sample. From a statistical perspective, having a homogeneous population regarding usage frequency for all online service types tested would have been ideal. We focused our statements on the respective study groups to overcome this limitation. Despite variations in service usage among participants, we believe that the identified differences are practically relevant. Due to the hypothetical nature of our study, we investigated the intention to disclose biometric data to protect against a threat described only textually. However, it remains uncertain if users will act as suggested by our study when faced with real CAuthN systems that aim to protect against actual threats. Therefore, further experiments are necessary, including different biometric traits in various online service contexts, to assess users' acceptance of CAuthN in real-world scenarios.
Our survey instrument does not distinguish between the types of devices used by our participants to access online services or apps. This can lead to situations where participants primarily using mobile devices are asked to rate their willingness to share mouse dynamic data. This combination may appear illogical and could influence participants' assessments. However, we are confident that the groups of biometric traits identified through factorial analysis account for potential inconsistencies. For instance, the Device Interaction group includes biometric traits relevant to both mobile and non-mobile devices. Moreover, if participants adjusted their ratings based on the sensors available on their usual devices, our results would reflect typical device usage patterns for each online service, preserving the practical significance of our findings.
Choosing a threat model in which an attacker gains unauthorized access to an authenticated device for our survey might have been too abstract or irrelevant for our respondents, because the likelihood of unauthorized device access is potentially lower than the risk of an attack on an online account using stolen credentials. Future investigations should consider additional threat models to assess users' willingness to disclose biometric traits for CAuthN. Based on our findings, especially regarding the groups of traits identified, future work could investigate more differentiated usage scenarios of CAuthN, like local vs. remote processing of biometric traits or improvements of user experience due to reduced effort required for active re-authentications after timed-out sessions.

CONCLUSIONS
We surveyed 830 participants from the U.S. to examine their willingness to disclose different types of biometric traits to be used for CAuthN in the context of different apps and online service types. We identified four latent factors that reflect users' willingness to disclose different types of biometric traits, namely Body-Related, Device Interaction, Profiling-Related, and Biopotential. We provide evidence that users' willingness to disclose differs depending on the type of biometric trait and the context of the app or online service used. Whereas Device Interaction traits were generally considered to be most appropriate, participants assessed the disclosure of Body-Related traits as reasonable only for contexts like Banking / Payment and Cloud Storage. We found no evidence that participants' willingness to disclose was related to the asset to be protected. Instead, willingness to disclose was mainly influenced by users' beliefs that a specific trait can help protect their account and the perceived loss of privacy related to the disclosure. Depending on the context, the risk related to the processing of biometric data by a particular service provider also had an effect on users' willingness to disclose biometric data. In conclusion, we find that acceptance of CAuthN technology depends on both the type of biometric data used and the application context. The results of our study are useful to design and develop CAuthN systems that strengthen account security while respecting internet users' privacy perceptions.
Before you can use your favorite social media website or mobile app, you must sign in, usually with a username and password. After that, you can use the app until you log yourself out or you are automatically logged out.
If an unauthorized person gains access to the device where you are logged into the service, they can use your social media account on your behalf. To prevent this, the provider of the social media website or mobile app could continuously check whether it is actually you who is using the service while you are logged in. For this purpose, the provider can use a variety of characteristics that are related to your person. These so-called biometric traits can either be collected with sensors or are obtained through your interaction with the device, like the way you are using a keyboard, a mouse, or many other traits.
In this survey, we would like to know how you would feel about providing your biometric traits to protect your social media account.
(1) Continuous Authentication is a technology that allows operators of an online service or mobile app to determine whether an account is actually being used by a legitimate user or by an unauthorized person. (correct)
(2) With Continuous Authentication, biometric traits such as typing behavior on a keyboard can be analyzed during the use of an online service or mobile app to determine whether the user is a legitimate one. (correct)
(3) With Continuous Authentication, I have to install an app on my smartphone to get a token to login to an online service or mobile app. (wrong)
(4) Continuous Authentication is a technology that allows me to log in to many different online services or mobile apps with one password. (wrong)
(5) Continuous Authentication increases the protection of my social media account by continuously checking if it is really me who uses the account or someone unauthorized taking over my account. (correct)
Answer options. Multiple choice.

A.5 Willingness to Disclose, Privacy Risk and Response Efficacy
Before each question group, participants are introduced to the slider instrument with a short description and the possibility to test the UI element.
Questions. How much of a risk to your privacy would it be to continuously share your [name of biometric trait] data with your favorite social media website or mobile app to improve your account protection?
Answer options. Slider input.

A.6 Risk Provider and Trust Provider
The items for risk and trust were presented together and in random order.
A.6.1 Trust Provider. Adapted from [68]. Questions.
(1) The provider of my favorite social media website or mobile app would be trustworthy in handling biometric data.
(2) The provider of my favorite social media website or mobile app would tell the truth and fulfill promises related to biometric data provided by me.
(3) I trust that the provider of my favorite social media website or mobile app would keep my best interests in mind when dealing with my biometric traits.
(4) The provider of my favorite social media website or mobile app is in general predictable and consistent regarding the usage of my biometric traits.
(5) The provider of my favorite social media website or mobile app is always honest with customers when it comes to using biometric traits that I would provide.
Questions. Please rate your agreement or disagreement with the following statements.
(1) In general, it would be risky to give my biometric traits to the provider of my favorite social media website or mobile app.
(2) There would be high potential for loss associated with giving my biometric traits to the provider of my favorite social media website or mobile app.
(3) There would be too much uncertainty associated with giving my biometric traits to the provider of my favorite social media website or mobile app.
(4) Providing the provider of my favorite social media website or mobile app with my biometric traits would involve many unexpected problems.
(5) I would feel safe giving my biometric traits to the provider of my favorite social media website or mobile app.
Questions. Please rate your agreement or disagreement with the following statements.
(1) I seek out opportunities to learn about security measures that are relevant to me.
(2) I am extremely motivated to take all the steps needed to keep my online data and accounts safe.
(3) Generally, I diligently follow a routine about security practices.
(4) I often am interested in articles about security threats.
(5) I always pay attention to experts' advice about the steps I need to take to keep my online data and accounts safe.
(6) I am extremely knowledgeable about all the steps needed to keep my online data and accounts safe.
Questions. Please rate your agreement or disagreement with the following statements.
(1) Consumer online privacy is really a matter of consumers' right to exercise control and autonomy over decisions about how their information is collected, used, and shared.
(2) Consumer control of personal information lies at the heart of consumer privacy.
(3) Companies seeking information online should disclose the way the data are collected, processed, and used.
(4) A good consumer online privacy policy should have a clear and conspicuous disclosure.
(5) It usually bothers me when online companies ask me for personal information.
(6) When online companies ask me for personal information, I sometimes think twice before providing it.
(7) It bothers me to give personal information to so many online companies.
(8) I'm concerned that online companies are collecting too much personal information about me.

Figure 2: Schematic overview of the main survey flow with thematic groups and constructs elicited.

Figure 3: Participants' ratings for Risk Asset (top), Risk Provider (middle), and Trust Provider (bottom) across online service types. Numbers correspond to the mean.

Figure 4: Participants' ratings of willingness to disclose groups of biometric traits in different study conditions.

Figure 5: Path coefficients of PLS-SEM for groups of biometric traits across all online service types.

Table 3: Distribution of participants across study conditions with different online service types.
Recommended values [38]: ≥ .7, ≥ .7, ≥ .7, AVE ≥ .5
A.5.1 Willingness to Disclose. Participants are presented with 16 sliders for the biometric characteristics listed in Table 2. The explanatory text noted in the table is displayed next to the slider. Questions. How willing are you to continuously share your [name of biometric trait] data with your favorite social media website or mobile app to improve your account protection? Answer options. Slider input.
A.5.2 Response Efficacy. Participants are presented with 16 sliders for the biometric characteristics listed in Table 2. The explanatory text noted in the table is displayed next to the slider. Questions. Do you believe that continuously sharing your [name of biometric trait] data with your favorite social media website or mobile app would help to improve your account protection? Answer options. Slider input.
A.5.3 Privacy Risk. Participants are presented with 16 sliders for the biometric characteristics listed in Table 2. The explanatory text noted in the table is displayed next to the slider.

Table 6: Demographics for the subsamples used in the between-group study conditions.

Table 7: Descriptive statistics for online service characteristics

Table 12: ANOVA for WTD Video Streaming

Table 10 Table 13 :
ANOVA for WTD Music Streaming

Table 16: ANOVA for WTD Messaging

Table 18: PLS-SEM for Banking / Payment