Internet Users' Willingness to Disclose Biometric Data for Continuous Online Account Protection: An Empirical Investigation

Authors: Florian Dehling (Bonn-Rhein-Sieg University of Applied Sciences), Jan Tolsdorf (The George Washington University), Hannes Federrath (University of Hamburg), Luigi Lo Iacono (Bonn-Rhein-Sieg University of Applied Sciences)

Volume: 2024
Issue: 2
Pages: 479–508
DOI: https://doi.org/10.56553/popets-2024-0060

Download PDF

Abstract: Continuous authentication has emerged as a promising approach to increase user account security for online services. Unlike traditional authentication methods, continuous authentication provides ongoing security throughout the session, protecting against session takeover attacks due to illegitimate access. The effectiveness of continuous authentication systems relies on the continuous processing of users' sensitive biometric data. To balance security and privacy trade-offs, it's crucial to understand when users are willing to disclose biometric data for enhanced account security, addressing inevitable privacy concerns and user acceptance. To address this knowledge gap, we conducted an online study with 830 participants from the U.S., aiming to investigate user perceptions towards continuous authentication across different classes of online services. Our analysis identified four groups of biometric traits that directly reflect users' willingness to disclose them. Our findings demonstrate that willingness to disclose is influenced by both the specific biometric traits and the type of online service involved. User perceptions are strongly shaped by factors such as response efficacy, perceived privacy risks associated with the biometric traits, and concerns about the service providers' handling of such data. Our results emphasize the inadequacy of one-size-fits-all solutions and provide valuable insights for the design and implementation of continuous authentication systems.

Keywords: Continuous Authentication, Biometric Traits, User Privacy Perception, Usable Privacy Security, Factor Analysis, PLS-SEM

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.