Repository logo

Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens



Change log


Payne, Jeunese 
Jenkinson, Graeme 
Stajano, Frank 
Sasse, M Angela 
Spencer, Max 


Security and usability issues with passwords suggest a need for a new authentication scheme. Several alternatives involve a physical device or token. We investigate one such alternative, Pico: an authentication scheme that utilizes multiple wearable devices. We present the grounded theory results of a series of semi-structured interviews for exploring perceptions of this scheme. We found that the idea of carrying physical devices increases perceived personal responsibility for secure authentication, making the risks and inconvenience associated with loss and theft salient for participants. Although our work is focused on Pico, the results of the study contribute to a broader understanding of user perception and concerns of responsibility for any token-based authentication schemes.


This is the author accepted manuscript. It is currently under an indefinite embargo pending publication by the Internet Society.


Journal Title

Proceedings 2016 Workshop on Usable Security

Conference Name

Journal ISSN

Volume Title


Internet Society
We are grateful to the European Research Council for funding this research through grant StG 307224 (Pico).