Significant progress has been made in helping people protect their devices and information through more user-friendly methods like biometrics and Passkeys, according to new research.
However, the majority of systems being used by technology companies place an undue burden on users to understand different and difficult security rules, while people also are not given enough choice about which solution best fits their individual requirements.
The research, published in the journal Computers & Security, was written by experts from the University of Plymouth and University of Nottingham who have been studying and monitoring password practices for more than 20 years.
They say the demand for secure and usable authentication methods has never been greater, with people owning increasing numbers of devices that – in a large number of cases – store all of their most important personal data.
But as things stand, people are required to engage with a range of authentication methods – including passwords, PINs, tokens, and biometrics – multiple times a day, across different devices and services.
This fragmented approach, the researchers say, not only increases cognitive load but also raises barriers for those with physical, cognitive, or contextual limitations, with usability and security often treated as competing objectives rather than coexisting goals.

Technology is now fundamental to every aspect of our daily lives.

Each of us may need to authenticate something at least 100 times a day, whether that’s accessing our mobile phones, our computer devices or apps and software within them. What we now need is to reach a point where security measures become more technically complex, so our information is secure – but, from a user perspective, those measures need to be easier to understand and use. And we as users need to be given choices about what we want to do, rather than it being forced upon us.

Professor Nathan Clarke
Professor in Cyber Security and Digital Forensics

The researchers involved in the study have previously highlighted how major tech companies were failing to support users with advice on how to securely protect their data, and that basic password guidance can dramatically improve account security.
For their new article, they wanted to explore how authentication has evolved, to identify the key issues and challenges that remain, and to consider whether solutions are being proposed that can resolve the usability and security trade-off.
Based on their findings, the researchers believe designers and service providers need to give better consideration to who their users are, what they’re trying to do, and what level of assurance is appropriate for them at any particular time and context.
They have also called on technology providers to steer away from one-size-fits-all models, instead suggesting they should unite behind more inclusive, consistent, and user-centred approaches, with the goal being to create authentication systems that are secure by design and usable by all.
Without such a shift, they add, there is a risk of perpetuating systems that are secure in theory but flawed in practice and that undermine user trust and system integrity.

The easier we make it for security to be used, without adding unnecessary friction, the greater the chances of it feeling acceptable and tolerable for users. If we authenticate over 100 times a day, then we don’t want this to seem like over 100 interruptions and delays. We want protection to be the natural default position, and offering users flexible and usable solutions is a clear step towards achieving this.

Professor Steven Furnell
Professor of Cyber Security at the University of Nottingham
  • The full study – Clarke and Furnell: Usable authentication: Are we there yet? – is published in Computers & Security, DOI: 10.1016/j.cose.2025.104823.
 
