top of page

 Cisco x Duo Mobile 

Haptic Password

An Accessible Interaction for Seamless Authentication

Individual Class Project // User Research // Accesibility Design // User Testing // Figma

duo cover.png
How might we make cybersecurity more accessible and inclusive? 
What are the ways to detect, prevent, alert, or resolve cybersecurity attacks for people with disabilities?
Problem
 Statement  
Final Product

Haptic Password: mobile device generates 4 sets of random pulses that are played in short, medium, or long duration for authentication. User enters the vibration password in the Duo Mobile authentication window.

Frame 857.png

It is a digital authentication method for visually impaired users on desktop and mobile devices that uses tangible or tactile means with minimal visual or auditory assistance.

Project concluded with an onboarding process that provides a text description and a trial round of haptic password verification to educate and familiarize users with 3 pulse types and their durations.

final-mobile 4.gif

Featured on Cisco Blogs: 

Research Strategy

To break down the problem statement into absorbable pieces, I devised the following research plan: 

photo-1516321497487-e288fb19713f_ixlib=rb-4.0.jpg
  • Qualitative: Interviews for user perceptions

  • Quantitative: Surveys for trend investigation

  • Descriptive Research Strategy: Talk to users, observe behavior

  • Analytical Research Strategy: Use statsistics from public and open databases to find key insights

  • Critical Research Strategy: Analyze findings, compare to previous strategies

Photo Credit: John Schnobrich

Identifying User Group

Client didn't specify target user group and asked me to identify key demographic for problem statement.

Screenshot 2023-01-27 at 6.30.10 PM.png

Click to view in detail // Source: Disability and Health Data System (DHDS)

I took advantage of my location at UC Berkeley while doing a project. With all students and staff having to use Duo Mobile for authentication, I had access to a large pool of active users. I focused on the 18-30 year old age group including undergrad, grad, and post-doc students.

Screenshot 2023-01-27 at 6.29.30 PM.png

Click to view in detail // Source: Online Resource for U.S. Disability Statistics

Survey & Interview Insights

The surveys aimed to examine cybersecurity software usage and past threats people might have encountered, as well as users' experiences with Duo Mobile.

 

The interviews were focused on students with vision disabilities, to observe their interaction and navigation with Duo Mobile's authentication process and identify improvement opportunities.

Efficiency

  • Duo login delays due to wait times and repeated requests for push/codes

  • It also fails to automatically return to the login page

Lack of Information

  • Inability to view login device/history

  • Inability to verify login source when prompted with an unknown request 

  • Inability to report suspicious log-in attempts

Accessibility

  • Text readability is difficult for visually impaired users

  • Authentication through biometrics would be a good alternative 

Relevance

  • Users reluctant to buy auth software

  • Duo mobile passcode rarely used

  • Visually impaired users want phone call-in option back

Design Goals

SECURITY ISSUES 

  • Lack of information on unknown log-in requests leaving users vulnerable to cybersecurity threats 

ACCESSIBILITY ISSUES 

  • Lack of alternative authentication for visually impaired users due to security and admin control issues

How might we improve the user experience in the authentication process for users with vision disabilities?

Building Empathy

Here is an example of user persona I built from interview subjects, reflecting difficulties they faced with authentication on public devices without audio assistance.

Having a persona like Katie, I was able to refer to these pain points throughout the experience for users with visual impairments and help guide me along the design process.  

image 5.png

Click to view in detail 

They also help me keep my target audience’s interests and problems at heart and also feel more connected and empathetic with them.

User Journey Map.png

Click to view in detail 

PAIN POINTS TO ADDRESS

Users don’t have always earphones to listen to auditory feedback

Users experience ifficulty to read the screen

Duo Mobile app does not have an option to log out from previous devices

GOALS

Create a new authentication method that relies the less in auditory feedback

Create a new authentication method that is an alternative to numeric passcode input 

Add a new feature that logs out of previous sessions

Design Idea

1. "Haptic Password"
  • Gesture-less and tactile interaction to authenticate seamlessly that is still secure yet discreet, personal and accessible for our users with vision disabilities

2. Additional features
  • Design a device management log to provide an overview of devices that currently are authenticated

  • Design a login request log as reference to trace back suspicious login attempts

Ideation 1.0 - 4.0

 Basic concept

User's mobile device generates a 4-pulse randomized vibration pattern in short, medium, or long duration for authentication. The user replicates the pattern in the Duo Mobile window in their web browser.

TL; DR summary of 1.0 - 4.0 progression ⬇️

Version 1.0

  • Login delays in Duo due to wait times and repeated code requests

  • Does not auto-return to login page.

Version 3.0 - 3.1

  • Started creating workflow diagrams for mobile and desktop interaction, considering how to link unsuccessful verification to the flow

  • Began considering how to tie in unsuccessful verification to the flow

  • Version 3.0 - Button/key input: refined UI with button/key input, moved to mid-fidelity, and tested vibration input presentation on mobile device

  • Version 3.1 optimized S/M/L key conversion and reduced password progress display and mobile device input to button selection

Version 2.0 - 2.2

  • Version 2.0 - Button/key: haptic password entry changed to spacebar press/hold on keyboard or tap on mobile

  • Version 2.1 - S/M/L conversion: vibration patterns can be entered by selecting "S", "M", or "L" buttons

  • Version 2.2 - Numeric conversion: users assign numbers to short, medium, and long pulses and enter the corresponding numbers for the haptic password

Version 4.0 - 4.1

  • Haptic password can be played on smartwatches

  • Version 4.0 - Button/key input: clarifies that users must press "Verify" to check password accuracy and distinguish between requesting a replay or creating a new password

  • Version 4.1 - S/M/L key conversion: confirms that to replay the password, the user must select "Replay"

User Testing

I prototyped two input methods in Figma after 4 design rounds and set up vibration patterns with Haptics Studio and iPhone's built-in feature.

I asked 5 visually impaired students to test the haptic password prototype by authenticating a login request.

Source: Haptics Studio

Source: iPhone's vibration customization

The results of my user testing interviews showed that the users I tested with unanimously favored Method 2 - S/M/L key conversion

Method 1 - Button/key input result

Some users had trouble finding the interactive area on their screen or feared the presses might affect screen reader interaction

Method 2 - S/M/L key conversion result

Everyone had no trouble with blind typing and found button selection easy with the screen reader

User Feedback
I’m a dancer without the ability to see, so my tactile senses are definitely more enhanced and more sensitive

- Ethan, 20 year old student

It is something only I can feel and don’t have to worry about eavesdropping or overlooking if I were to use it in public

- Gabriela, 20 year old student

Future Development 

Test the onboarding process

To assess the steepness of the haptic password authentication method's learning curve and the effectiveness of the onboarding tutorial in teaching users to use it.

Smart watch integration

Explore the possibilities of playing Haptic Password on smart watches as another receiving end

User Interfaces

Desktop Version

Onboarding

Mobile Version