English

User-to-PC Authentication Through Confirmation on Mobile Devices: On Usability and Performance

Human-Computer Interaction 2025-07-15 v1 Cryptography and Security

Abstract

Protecting personal computers (PCs) from unauthorized access typically relies on password authentication, which is know to suffer from cognitive burden and weak credentials. As many users nowadays carry mobile devices with advanced security features throughout their day, there is an opportunity to leverage these devices to improve authentication to PCs. In this paper we utilize a token-based passwordless approach where users authenticate to their PC by confirming the authentication request on their smartphones or smartwatches. Upon a request to login to the PC, or to evaluate privileges, the PC issues an authentication request that users receive on their mobile devices, where users can confirm or deny the request. We evaluate button tap and biometric fingerprint verification as confirmation variants, and compare their authentication duration, success rate, and usability to traditional password-based authentication in a user study with 30 participants and a total of 1,200 authentication attempts. Smartwatch-based authentication outperformed password-based authentication and smartphone-based variants in authentication duration, while showing comparable success rates. Participants rated smartwatch-based authentication highest in usability, followed by password-based authentication and smartphone-based authentication.

Keywords

Cite

@article{arxiv.2507.09190,
  title  = {User-to-PC Authentication Through Confirmation on Mobile Devices: On Usability and Performance},
  author = {Andreas Pramendorfer and Rainhard Dieter Findling},
  journal= {arXiv preprint arXiv:2507.09190},
  year   = {2025}
}

Comments

Submitted to MoMM 2025

R2 v1 2026-07-01T03:57:46.240Z