Scope: The number of devices, services, and media we have in our homes is increasing. Managing all of these is a burden, given that people are poor at configuring for unknown situations in the future. Here, we are examining how we can simplify access control. We are applying two ideas. First, we are shifting from pessimistic access control, which requires upfront configuration to prevent unauthorized access, towards optimistic access control, which allows for simpler rules with the philosophy of detecting unauthorized access after the fact. Second, we are examining how proximity as a factor can help. We want to enable people to specify rules like, “my children can only log into Facebook if I am in front of the computer,” or “my children can watch television if I am at home with them.”
Outcomes: We are in the early stages of designing and evaluating a system for casual authentication. We have conducted a diary study showing that the majority of people login only at work or at home, and on their own personal computers. We are currently examining what technical approaches there are for detecting “safe” contexts, as well as what attacks people might exploit to penetrate simplified logins.