Authenticating users to services on limited-user-interface devices
There is an increasing trend to interlink services like photo-sharing and social-networking services with network-enabled devices other than PCs or “lightweight computers” like smartphones or tablet computers. This includes set-top boxes, network printers and digital picture frames and example applications include showing photo albums from Picasa or Facebook on the large TV, printing out pictures from Picasa or Facebook without the need for a computer or showing one’s Facebook Feed on an advanced Internet terminal like the Pure Sensia. One reason that is leading the concept on is the use of device platforms like HP ePrint, Panasonic VieraCast and Google TV, where an operating-system developer or a device manufacture use the platform to build up an “app” library for the device or operating system.
It will also become more common with VoIP telephony encouraging the development of “personal landline telephone” services as well as “personalised home environments” being brought about by home automation and security functions being part of the connected home.
The current situation
The main problem with these services is that they require the user to log in to the service using an alphanumeric user name and an alphanumeric password. This would be best done using the regular QWERTY keyboard of a computer.
But most of these devices would require one of these methods to enter the credentials:
- “Pick-n-choose”, where the user uses a D-pad on the device’s control surface to pick letters from a letter grid shown on the device’s display. This is a method used primarily with set-top-box applications like “Pixel Eyes” (a Picasa / Filckr front-end) for TiVo; or used on most Internet radios to determine the network password for a Wi-Fi network.
- Small on-screen QWERTY keyboard for a touchscreen device. This is a practice used on smartphones and tablet computers that have this interface but is becoming common with network printers and other devices that use a touchscreen. This interface can be awkward and prone to errors if the device uses a small screen as common with most printers.
- “SMS-style” with a 12-key keyboard. This is where the device is equipped with a 12-key numeric keyboard not dissimilar to a telephone and the user enters the credentials as if they are tapping out a text message on a mobile phone. This practice may be used on communications devices (dialling phone numbers), security devices (entering access codes) or consumer electronics (direct-entry channel / track selection).
- 26-key alphabetic keyboard. This is where each letter of the alphabet is allocated a key usually in a 5×5 matrix in alphabetical order. You still may have to press a button to change case or switch to numeric or punctuation mode. This has been used with some of Sony’s MiniDisc decks for track labelling and is still used with some Brother labellers for entering label text, but is not commonly being used as a text-entry method for consumer electronics devices due to size, design or cost limitations.
As well, most of the implementations don’t allow for proper “hot-seat” operation by remembering just the user name; and therefore require the user to provide both the user-name and password when they want to use the service. This can then be made more awkward with the interfaces listed above.
Facebook’s login method
Facebook have improved on this with their HP ePrint app which is part of the HP Envy 100 printer which I have on loan for review. Here, the printer displayed an “authentication code” which I had to enter in to the Facebook Devices page (http://www.facebook.com/device). Here, you would have to log in with your Facebook credentials if you haven’t done so already. Then the printer is associated with your Facebook account.
The only limitation with this method is that the device is bound to only one FB account and multiple users can’t switch between their Facebook accounts. This can also make a Facebook user more vulnerable to undesirable control-panel modification to their account if the app allows it.
The reality with most devices
Most devices like network printers or set-top boxes are typically operated by multiple users. What needs to happen is a simplified multi-user login and authentication experience that suits this class of device.
This is also more so as the authentication parameters used by Google (Picasa, YouTube), Facebook and others are becoming central to the “single sign-on” environments offered by these service providers and these “single sign-on” providers could appeal as credentials bases for home network applications like NAS management or even building security.
What could be done
A situation using a combination of the “Facebook limited-device login” method and the login experience that one encounters when using an automatic teller machine or EFTPOS terminal would be appropriate here. This is where a device can keep multiple “device account codes” for multiple accounts as well as securing these accounts with a numeric PIN.
A credentials service like Facebook, Windows Live or Google could add a simplified “numeric PIN” field for limited user-interface devices as well as the text-based password. The simplified “numeric PIN” which would be four or six digits long would only be able to work on qualified devices and the user would need to key in their text-based password to log in from a computer or smartphone.
Devices that support “limited interface” operation create a “device account passcode” for each account that is to use the device. This allows the device to create a reference between the account on the service and the account on the device. When a user is added to the device, this would be shown on the device’s user interface and the user enters this in to a “Devices Login” page at the credentials service’s Website.
- A user selects the option to “add user” to the device using the device’s control surface.
- The device’s user interface creates a “device account passcode” and shows it on the device’s user-interface (LCD display, TV screen, etc). In the case of a network printer, it could also print out this “account passcode”.
- The user transcribes this “device account passcode” to the credentials service Website (Google, Facebook, Windows Live, etc) using a regular computer or other Web-browser-equipped device.
- If the user hasn’t previously defined a numeric PIN for “limited-interface access”, the service invites the user to enter and confirm a numeric PIN of own choosing if they agree to “protected device access”. This could be done either through the Web browser or continued at the device’s control surface.
If they have previously defined the numeric PIN, the device will challenge them to enter the numeric PIN using its control surface.
- The user’s account is bound to the device and the user would be logged in.
Switching between users on a device;
1 A user would go to the “Users” menu on the device and selects their user name represented as how they are known on the credentials service (Facebook name, etc) from the user list.
2 The user then keys in the numeric PIN using the device’s control surface
3 If successful, the device is “given” to the user and the user then interacts with the service from the device’s control surface
Other points of note
All users have opportunity to “remove themselves” from the device by going to the “user settings” UI and selecting “Remove User” option. Some devices may allow privileged users to remove other users from the device and there could be the option for users to change their numeric PIN from the device’s control surface.
It could be feasible for a device to provide varying levels of access to a user’s account. For example, a device shared by a household could allow “view-only” access to certain data while a user who is directly logged in can add or modify the data.
There could be the option to integrate local user-authentication information on devices that support this by relating the “device passcode” with the local user-authentication data record. This could allow a device like a security system to allow the user to gain access to functionalities associated with the credentials service but the user still uses their regular passcode associated with the device.
Once companies like social-networking or photo-sharing sites work on ways to support multi-user one-device scenarios with limited user-interface devices, this could open up paths of innovation for the devices and the services.