Cisco x Duo Mobile
Haptic Password
An Accessible Interaction for Seamless Authentication
Individual Class Project // User Research // Accessibility Design // User Testing // Figma
Problem Statement
How might we make cybersecurity more accessible and inclusive?
What are the ways to detect, prevent, alert, or resolve cybersecurity attacks for people with disabilities?
Final Product
Haptic Password: the mobile device generates 4 sets of random pulses that are played in short, medium, or long duration for authentication. The user enters the vibration password in the Duo Mobile authentication window.
It is a digital authentication method for visually impaired users on desktop and mobile devices that uses tangible or tactile means with minimal visual or auditory assistance.
The project concluded with an onboarding process that provides a text description and a trial round of haptic password verification to educate and familiarize users with the 3 pulse types and their durations.
Featured on Cisco Blogs:
Research Strategy
To break down the problem statement into absorbable pieces, I devised the following research plan:
- Qualitative: Interviews for user perceptions
- Quantitative: Surveys for trend investigation
- Descriptive Research Strategy: Talk to users, observe behavior
- Analytical Research Strategy: Use statistics from public and open databases to find key insights
- Critical Research Strategy: Analyze findings, compare to previous strategies
Photo Credit: John Schnobrich
Identifying User Group
The client didn't specify a target user group and asked me to identify the key demographic for the problem statement.
Source: Disability and Health Data System (DHDS)
I took advantage of my location at UC Berkeley while doing the project. With all students and staff having to use Duo Mobile for authentication, I had access to a large pool of active users. I focused on the 18-30 year old age group, including undergrad, grad, and post-doc students.
Source: Online Resource for U.S. Disability Statistics
Survey & Interview Insights
The surveys aimed to examine cybersecurity software usage and past threats people might have encountered, as well as users' experiences with Duo Mobile.
The interviews were focused on students with vision disabilities, to observe their interaction and navigation with Duo Mobile's authentication process and identify improvement opportunities.
Efficiency
- Duo login delays due to wait times and repeated requests for push/codes
- It also fails to automatically return to the login page
Lack of Information
- Inability to view login device/history
- Inability to verify login source when prompted with an unknown request
- Inability to report suspicious log-in attempts
Accessibility
- Text readability is difficult for visually impaired users
- Authentication through biometrics would be a good alternative
Relevance
- Users reluctant to buy auth software
- Duo Mobile passcode rarely used
- Visually impaired users want phone call-in option back
Design Goals
SECURITY ISSUES
- Lack of information on unknown log-in requests leaving users vulnerable to cybersecurity threats
ACCESSIBILITY ISSUES
- Lack of alternative authentication for visually impaired users due to security and admin control issues
How might we improve the user experience in the authentication process for users with vision disabilities?
Building Empathy
Here is an example of a user persona I built from interview subjects, reflecting the difficulties they faced with authentication on public devices without audio assistance.
With a persona like Katie, I could refer back to these pain points for users with visual impairments throughout the experience, which helped guide me along the design process.
Personas also help me keep my target audience's interests and problems at heart and feel more connected to and empathetic with them.
PAIN POINTS TO ADDRESS
Users don’t always have earphones to listen to auditory feedback
Users experience difficulty reading the screen
Duo Mobile app does not have an option to log out from previous devices
GOALS
Create a new authentication method that relies less on auditory feedback
Create a new authentication method that is an alternative to numeric passcode input
Add a new feature that logs out of previous sessions
Design Idea
1. "Haptic Password"
- Gesture-less, tactile interaction for seamless authentication that stays secure yet discreet, personal and accessible for our users with vision disabilities
2. Additional features
- Design a device management log to provide an overview of devices that currently are authenticated
- Design a login request log as reference to trace back suspicious login attempts
Ideation 1.0 - 4.0
Basic concept
User's mobile device generates a 4-pulse randomized vibration pattern in short, medium, or long duration for authentication. The user replicates the pattern in the Duo Mobile window in their web browser.
TL;DR summary of 1.0 - 4.0 progression ⬇️
Version 1.0
- Login delays in Duo due to wait times and repeated code requests
- Does not auto-return to login page
Version 3.0 - 3.1
- Started creating workflow diagrams for mobile and desktop interaction and began considering how to tie unsuccessful verification into the flow
- Version 3.0 - Button/key input: refined UI with button/key input, moved to mid-fidelity, and tested vibration input presentation on mobile device
- Version 3.1 - S/M/L key conversion: optimized S/M/L key conversion and reduced password progress display and mobile device input to button selection
Version 2.0 - 2.2
- Version 2.0 - Button/key: haptic password entry changed to spacebar press/hold on keyboard or tap on mobile
- Version 2.1 - S/M/L conversion: vibration patterns can be entered by selecting "S", "M", or "L" buttons
- Version 2.2 - Numeric conversion: users assign numbers to short, medium, and long pulses and enter the corresponding numbers for the haptic password
Version 4.0 - 4.1
- Haptic password can be played on smartwatches
- Version 4.0 - Button/key input: clarifies that users must press "Verify" to check password accuracy and distinguish between requesting a replay or creating a new password
- Version 4.1 - S/M/L key conversion: confirms that to replay the password, the user must select "Replay"
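The pattern scheme from the basic concept and the replay / new-password distinction in Versions 4.0 - 4.1, sketched as verifier-side logic. This is an added example, not code from the project or from Duo Mobile; the class name, the three-attempt limit and the single-use rule are assumptions, chosen because 3 pulse types over 4 positions give only 81 possible patterns.

```python
import hmac
import secrets

PULSES = ("S", "M", "L")   # short, medium, long pulse, as on the page
PATTERN_LENGTH = 4         # the page's 4-pulse pattern
MAX_ATTEMPTS = 3           # assumption: the page states no attempt limit


def keyspace() -> int:
    """Number of distinct patterns: 3 pulse types over 4 positions."""
    return len(PULSES) ** PATTERN_LENGTH


class HapticChallenge:
    """Pattern for one login request, held by the verifier (hypothetical class)."""

    def __init__(self) -> None:
        self.attempts_left = MAX_ATTEMPTS
        self.pattern = self._new_pattern()

    @staticmethod
    def _new_pattern() -> str:
        # secrets draws from the OS CSPRNG; random.choice would be predictable.
        return "".join(secrets.choice(PULSES) for _ in range(PATTERN_LENGTH))

    def replay(self) -> str:
        """Replay: vibrate the same pattern again; the secret does not change."""
        return self.pattern

    def regenerate(self) -> str:
        """New password: replace the pattern without refilling the attempt budget."""
        self.pattern = self._new_pattern()
        return self.pattern

    def verify(self, typed: str) -> bool:
        """Check an S/M/L entry; every call spends one attempt."""
        if self.attempts_left <= 0:
            return False
        self.attempts_left -= 1
        entry = typed.strip().upper()
        # Constant-time compare: do not leak how many leading pulses matched.
        ok = hmac.compare_digest(entry.encode(), self.pattern.encode())
        if ok:
            self.attempts_left = 0  # single use: a verified pattern cannot be reused
        return ok
```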
User Testing
I prototyped two input methods in Figma after 4 design rounds and set up vibration patterns with Haptics Studio and iPhone's built-in feature.
I asked 5 visually impaired students to test the haptic password prototype by authenticating a login request.
Source: Haptics Studio
Source: iPhone's vibration customization
The results of my user testing interviews showed that the users I tested with unanimously favored Method 2 - S/M/L key conversion.
Method 1 - Button/key input result
Some users had trouble finding the interactive area on their screen or feared the presses might affect screen reader interaction
Method 2 - S/M/L key conversion result
No one had trouble with blind typing, and everyone found button selection easy with the screen reader
Future Development
Test the onboarding process
Assess the steepness of the haptic password authentication method's learning curve and the effectiveness of the onboarding tutorial in teaching users to use it.
Smart watch integration
Explore the possibilities of playing Haptic Password on smart watches as another receiving end
User Interfaces
Desktop Version
Onboarding
Mobile Version