Towards Secure and Usable XR Authentication Schemes for Head-Mounted Displays: A Co-Creation Study with Experts

Abstract

Head-mounted displays (HMDs) are increasingly integrated into users’ daily lives to provide immersive extended reality (XR) interactions. However, authentication on HMDs can disrupt this immersion because unsuitable 2D methods (e.g., passwords or PINs) are used, or HMDs are not secured at all. This paper presents in-depth results of seven co-creation workshops with 24 security and HCI experts to develop novel authentication concepts specifically tailored for HMDs. First, we collected 123 authentication concept ideas. Second, we extracted critical properties to propose overall design requirements for secure and usable interactions (e.g., user awareness, discreetness, and re-purposing of body parts), and security (e.g., resilience to virtual observation) in HMD authentication. We conclude the paper by discussing how schemes can be tailored to the users’ circumstances and options to ease the tension between security, usability, and privacy in HMD authentication.