The increased connectivity of the IoT brings additional risk. Setting personalised and strong passwords when connecting new devices to the Internet can mitigate such risks. However, many IoT devices have limited interfaces: just a few buttons, if any at all, and light indicators, making it challenging for users to configure them. If secure configuration becomes complicated, users may choose easier, less secure options that leave their devices vulnerable.
Southampton researchers compared four interaction techniques for the configuration of IoT devices, looking for methods that allowed security, but were quick and easy to use. All four techniques used smartphone touchscreens to let users enter secure passwords.
Two of the techniques used a more ‘traditional’ approach by connecting the smartphone and the IoT device through a USB or audio cable, via the smartphone’s headphone socket. The third technique used a ‘Wi-Fi-only’ approach, where the smartphone creates a temporary Wi-Fi network to which the IoT device automatically connects before being redirected to the correct permanent network. The final option was the smartphone and the IoT device exchanging information through light: the smartphone's screen flashed black and white to mean binary 'zero' or 'one'; the IoT device read this light/binary pattern to learn the password from the smartphone.
The results found that two of the techniques were noticeably more usable than the others - the audio cable and the Wi-Fi-only interactions.
Study co-author Dr Enrico Costanza, from the University’s Agents, Interaction and Complexity Research Group, said: “We believe that not enough attention has been placed on how to make the IoT easy to use and to configure, so we hope that our results will motivate others in researching this topic.”
