Biometric multi-factor authentication: On the usability of the FingerPIN scheme

Fingerprint-based authentication has been successfully adopted in a wide range of applications, including law enforcement and immigration, due to its numerous advantages over traditional password-based authentication. Despite the usability and accuracy of this technology, some significant concerns still exist, which can potentially hinder its further adoption. For instance, a fingerprint is permanently associated with an individual and, once stolen, cannot be replaced, thus compromising biometric-based authentication. To mitigate this concern, we previously designed a multi-factor authentication approach that integrates Type-1 and Type-3 authentication factors into a fingerprint-based personal identification number (PIN). To authenticate, a subject is required to present a sequence of fingerprints corresponding to the digits of the PIN, based on a predefined secret mapping between digits and fingers. We conducted a preliminary vulnerability analysis and demonstrated that this approach is robust to the compromise of one or more of the subject's fingerprints. The objective of the work presented in this paper is to identify any usability issues for this FingerPIN scheme, collect qualitative and quantitative data through a user study, and determine the participants' satisfaction with the authentication mechanism. We carried out systematic usability tests, designed suitable performance metrics for assessing authentication usability on an initial cohort of 100 individuals, and performed a comparative analysis of the FingerPIN scheme against traditional sequential multi-factor authentication schemes.