In this paper we explore the tension between automatic security and intentionality. During a user trial of Pico we offered two proximity authentication modalities: scanning a QR code, or pressing a button in the Pico app that is available only when the user is in Bluetooth range of a machine they can authenticate to. The feedback from this trial provides an insight into users' expectations with regard to intentionality. We discuss how this relates to the Pico authentication solution, how it has informed future Pico design decisions, and we suggest some ways in which security and usability researchers could address the issue of intentionality in future security design.
展开▼