Let me in and keep me safe!

Usability and Accessibility of Authentication Methods for Voice User Interfaces 

An Accessibility Brief by Open Collaboration for Cognitive Accessibility

The purpose of this report is to present evidence on the usability and accessibility of authentication methods for voice payment systems. We highlight accessibility considerations for authentication methods design. The literature review and interviews with users were conducted to inform a research project on the cognitive accessibility of voice payment systems.

Background

Using voice assistants for digital banking is not only an attractive idea, but also a viable alternative (Vassilev et al. 2020). The integration of voice assistants in the banking industry is anticipated to enable individuals with disabilities to conduct financial transactions independently, conveniently, quickly, and securely from anywhere (Yuniati & Jayadi, 2021).

Balasuriya et al. (2018) reported that 72% of persons with cognitive disabilities (specifically intellectual disability) preferred using a voice interface compared to typing. However, persons with cognitive disabilities are more vulnerable to data privacy and security threats posed by these systems (Braun et al. 2020), particularly when exchanging sensitive banking information with a voice interface. Authentication processes are important to minimize data privacy and security threats.

Banks may find it challenging to determine the most secure and accessible authentication system when implementing voice assistant services (Yuniati et al., 2021).

Users’ perspectives on voice payment systems

Among people using mobile banking services (N=70), 27.2% were very interested in a voice assistant service as it could make financial transactions easier and quicker (Yuniati & Jayadi, 2021). However, 45.7% of respondents felt ordinary about it, and 27.1% were not interested due to doubts about voice recognition accuracy and concerns about privacy.

Users seem to believe biometrics—like face ID and fingerprints—are unique to their identity and can be trusted (Kathuria et al., 2020). However, the level of trust among users varies.

Concerns with using voice payment systems

Fraud and security threats

Users have concerns about using voice payment systems due to fraud and security threats as others could record their voice (Kathuria et al. 2020; Vassilev et al. 2020). For example, people were concerned that by transacting using voice commands, transaction and financial information will be heard and known by others around them (Yuniati & Jayadi, 2021). There was also some reluctance to speak passwords aloud (Vassilev et al. 2020). People value Security, Privacy, and Reliability as top factors impacting trust in voice biometrics (Kathuria et al. 2020).

Size of transaction

Kathuria et al. (2020) found that trust levels were influenced by transaction size when it came to ordering and making payments, with lower total amounts and repeat orders garnering more comfort. In terms of voice biometric usage, the authors noted that the preferred order for the type of use was transactional, followed by low critical financial (e.g., low amount, repeat purchase), and then high critical financial (e.g., high amount).

Assumptions and preconceived notions

People also had various assumptions and preconceived notions, such as differences in trust between using voice payment systems in indoor vs outdoor settings, the perceived cost of the technology, perceived lower accuracy compared to other biometrics, and reliability issues with voice authentication (Kathuria et al., 2020). Some users had concerns with the maturity of voice biometrics (Hayashi & Ruggiero, 2022).

Return to top of page.

Overview of Authentication Methods

Authentication is a crucial part of financial transactions, to verify a person’s identity (Lott, 2018). With e-commerce, payment providers have a greater responsibility to ensure the legitimacy of transactions to maintain the trustworthiness of payment methods. Therefore, they must adopt strong customer authentication methods (Lott, 2018).

In the authentication phase, the customer’s account information is verified by the bank, and subsequently, the acquirer bank sends the request to a payment gateway (Bojjagani et al. 2023). This payment gateway acts as an intermediary that facilitates payment settlement between the customer’s bank (referred to as the issuing bank) and the merchant’s bank (known as the acquirer bank) using the bank’s private network (Bojjagani et al. 2023).

There are four categories of authentication methods. These are based on: 1) something you know (knowledge-based); 2) something you have (possession-based); 3) something you are (inherent or biometric characteristics); and 4) something you do (actions) (Grabatin et al. 2021). Below are examples of each method:

1. Knowledge-based authentication methods include passwords, PINs, and transaction numbers.
2. Possession-based authentication methods involve physical items such as security keys, USB tokens, smart cards, and RFID or NFC chips. These methods are widely used in conjunction with multi-factor authentication.
3. Behavioural biometric authentication methods use methods such as body sensors, voice recognition, signature recognition, gait recognition, behaviour profiling, keystroke dynamics, and touch dynamics to authenticate the user.
4. Physiological biometric authentication methods can include fingerprint, face, iris, retina, and palm recognition.

Method for this Report

Evidence presented in this report is based on a review of scientific publications and interviews with 29 individuals who self-identify as having a cognitive disability or being neurodivergent.

Literature Review

The search strategy included the following keywords:

ALL=((“speech recognition” OR “voice assistant” OR “smart speaker” OR “voice recognition” OR ” voice interface” OR “digital assistant” OR “intelligent personal assistant” OR “voice print”) AND (“payment system” OR “financial transaction” OR “payment” OR “banking industry” OR “banking sector” OR “banks” OR “financial institution”) AND (“authenticat” OR “validation” OR “Password*”)).

We accessed scientific papers through the University of Ottawa Library. Databases were selected to reflect a multidisciplinary approach (e.g. computer engineering, cognitive psychology, and human-computer interactions).

The inclusion criteria for articles were broad due to limited search results: 1) mention of a voice interface or speech recognition software; 2) mention authentication process; and 3) mention of voice-based software used for banking purposes. Only articles from (January 1st, 2020 to February 26, 2025 were included.

After removing duplicates (13 papers removed), we applied inclusion criteria to a total of 125 articles in English and French. After title, abstract and full-text reviews, 27 articles met our inclusion criteria and were included in our review. A full list of references is available on page 20-21.

Interviews with persons with cognitive disabilities

Interviews with 29 individuals who identified as having a cognitive disability were completed to inform a larger research project on the cognitive accessibility of voice payment systems. Interviews were analyzed using pre-structured summaries.

Return to top of page.

Findings

In the Findings outlined below, the terms “voice input”, “speech input”, “voice-based systems”, “voice assistant”, “speech assistant”, “speech-based systems”, and “conversational interfaces” were synonymous in the literature and will be used interchangeably.

Users’ preferred authentication methods

Users highlighted the importance of authentication being both secure and easy to. Multiple authentication methods can improve usability, as long as they work together. Voice biometrics was found to be the preferred method of authentication by users as they prefer authentication methods that do not require additional interactions, but they still want financial transactions to be secure. (Hayashi & Ruggiero, 2022)

Börjesson (2022) found that employees and students reported passwords to be the most used authentication method, while multi-factor authentication was identified as the preferred authentication method. Biometrics was the second most preferred method, followed by certification cards or tokens and then passwords.

Suitability of authentication methods

The suitability of various authentication methods is based on six general factors outlined by Grabatin et al. 2021:

1. Reliability. While classical authentication methods are reliable and can be checked offline, they can be slow and susceptible to phishing and other attacks. Biometric authentication methods, especially physiological ones, are more reliable in verifying identity but may fail in certain circumstances such as during accidents or while wearing masks (during face recognition). The speed of physiological authentication methods tends to be higher than behaviour authentication methods. It is important to have a backup strategy for authentication methods due to the potential for failure.
2. Security. Classical methods like passwords and patterns are vulnerable to compromise if an attacker has physical access or can shoulder surf. These methods can also be phished, cracked, or guessed through various means. Physical authentication methods are often used as a second factor to improve security, but they can also be stolen or have implementation bugs. Biometric authentication methods are more secure in terms of behaviour, but they are not as accurate as other methods. The security of biometric authentication also depends on the implementation, and if biometric information is stolen, it can have a significant impact. Overall, the security of authentication methods depends on the specific implementation and potential attack vectors such as compromised servers or social engineering.
3. Data Protection and Privacy. Classical password and pattern authentication can be decent approaches for data protection and privacy, as they allow the use of pseudonyms and make it difficult for attackers to guess both the ID and password. Physical authentication methods can also be good for data protection and privacy, as they are not necessarily bound to a specific person’s identity. However, biometric authentication methods present challenges for data protection and privacy as they are closely tied to a person’s body. Once compromised, personal data such as financial or health data are immediately at risk because authentication cannot be handed over. This is desirable for security and reliability, but not for privacy. Novel paradigms such as blockchain may be better suited for privacy-enhancing authentication.
4. Usability. Password-based authentication performs poorly in terms of usability, especially if password policies are in place. PINs can improve security if blacklisting is used, but it can also affect usability. Physical authentication methods such as security keys, USB tokens, smart cards, or NFC-based authentication methods perform better than password-based authentication. Mobile authentication using Bluetooth-based presence-indicating approaches can have problems in crowded environments with shared IT systems. Biometric authentication methods have good usability, especially for users with disabilities, as they do not require something the user needs to know or have, but something they are. There are many suitable biometric approaches that can be selected for a specific scenario.
5. Environmental Requirements. Knowledge-based authentication methods such as passwords and PINs may not be suitable for healthcare environments due to being error-prone and slow. Possession-based authentication methods such as smart cards and electronic devices may also have limitations in environments where protective clothing is worn. Biometric authentication systems such as fingerprint or face recognition may also have limitations due to factors such as face masks or extreme temperatures.
6. Interoperability. The interoperability of authentication methods with the system, users, and environment is a crucial factor when selecting a suitable method. Passwords are widely implemented but can be difficult to use in certain situations. Biometric and token-based authentication methods on the other hand, are less widely implemented. Only a few systems allow for interchangeable authentication methods based on user needs and environmental factors, requiring careful planning when selecting less common authentication methods.

Return to top of page.

Accessibility considerations for authentication

Recent research has found that the principles of universal design are often not applied in authentication method design and the needs of individuals with disabilities are not considered, often rendering authentication methods inaccessible (Ophoff & Renaud, 2023; Erinola et al. 2023).

Furnell et al. (2022) showed that biometric authentication methods have the potential to be more inclusive without major investment of resources but universal design must be kept in mind so new challenges are not created for certain disability groups. Whittington and Dogan (2023) suggested the use of a tool that would allow users to provide information about accessible authentication requirements to organizations before setting up their online accounts.

Wang et al. (2022) examined the accessibility needs of older adults for mobile user authentication and proposed key design recommendations to make authentication accessible:

Design elements	Design recommendations
Font size (Iancu & Iancu, 2020)	Bigger than 16 pixels, a height of characters of ~4.2 mm, and the minimum font should be 12–14 points with Times New Roman/Arial/Helvetica
Space (Interaction Design Foundation, 2016)	0.2 cm in a sequence manner and 1 cm apart between unrelated items
Icons (Iancu & Iancu, 2020)	9.6 millimeters diagonally
Illumination (Nedopil et al., 2013)	Dim light, adjustable light, and increased and adjustable contrast between the background and the text while avoiding background images.
Background noise (Nedopil et al., 2013)	Eliminating noise.
Sound volume and sensorial warnings (Fisk et al., 2020)	Providing tactile and/or audible feedback, augmenting warning signals using a supplementary sensory channel, and alarming for a longer duration.
Compatibility (Fisk et al., 2020)	Speech recognition, voice-command, and voice-response technology.
Rhythm (Nedopil et al., 2013)	Computer-generated voices should be avoided and a natural speech intonation should be used.
Voice characteristics (Fisk et al., 2020)	Female voice is preferred.
Speech rate (Fisk et al., 2020; Nedopil et al., 2013)	140 words per minute and high frequencies sound below 4000 Hz
Interface elements (Fisk et al., 2020; Interaction Design Foundation, 2016; Nedopil et al., 2013)	Large screen, large fonts, big buttons, and adequate space between buttons to prevent pressing two buttons at the same time.
Interaction (Iancu & Iancu, 2020)	Grouped in sequence-of-use.
Navigation support (Lewis & Neider, 2017; Nedopil et al., 2013)	A simple and static menu is preferred.
Operations (Lewis & Neider, 2017; Nedopil et al., 2013)	Simple and with a low workload (e.g., double click, scrolling, and multiple gestures should be minimized)
Material design (Andronico et al., 2014; Kim et al., 2007)	Light and not slippery materials.
Operations (Campbell, 2015)	Longtime interval in actions is critical and shunning multitasking or splitting a task into different parts, and feedback and reminders are required if a heavy task is indeed.
Navigation assistance (Fisk et al., 2020; Lewis & Neider, 2017; Nedopil et al., 2013)	Simplification of the process (e.g., least pages, steps, and options needed), task-oriented (i.e., clearly indicate the steps and status of a task, text and number key rather than icon (e.g., using a short phrase for explanation), and easy access (e.g., offering a few memorable shortcuts for direct access).

Physiological-based biometrics

According to Wang et al. (2022), physiological-based biometrics, such as fingerprint and face recognition, are secure and difficult to forge but can raise privacy concerns. They are easy to use and do not require hearing or complex cognitive skills. However, fingerprint-based systems face usability and security challenges, such as difficulty for older adults with dry skin or skin tears, and vulnerability to fingerprint residue or gummy fingerprints (Wang et al., 2022; Verma et al. 2024). Face recognition systems are vulnerable to presentation attacks and sensitive to background lighting, and limited facial expressions can also pose a challenge. Voice recognition is a natural communication technology that has the potential to address almost all accessibility needs. For users who experience speech or hearing challenges, a good accommodation for voice recognition could be to accompany it with a visual display. As for the iris recognition, it holds great promise for addressing all accessibility needs of users who have an intact iris (Wang et al., 2022).

Behavioural Biometrics

The use of behavioural biometrics on touch-screen mobile devices for older adults includes two commonly used methods: 1) keystrokes and 2) touch gesture-based authentication.

Keystroke-based authentication requires a user to enter a password via a soft keyboard on the touch screen, which can increase the cognitive load and is susceptible to security attacks. Touch gesture-based authentication distinguishes users based on finger movements on the touchscreen and can be performed sight-free but requires a steep learning curve for some older adults. Handwriting-based authentication can be performed naturally, but the hand instability of some users makes it impractical. Finally, 3D Pattern Lock is an enhanced authentication method that adds additional layers of safeguarding but contradicts recommendations to alleviate the cognitive needs and actions of older adults.

The use of body movements for authentication and monitoring of older adults, particularly gait, has been widely used in healthcare. Gait-based biometrics can help older adults with visual and cognitive impairments, but they may become ineffective if significant behaviour or health changes, such as frailty, occur. Recent developments in gait recognition have improved continuous authentication and tracking of older adults’ daily actions, but the computational overhead is still a challenge. Gaze movement is another biometric that is difficult to forge but may cause eye fatigue and is not suitable for users with visual impairments. In general, older users tend to experience lower performance when using biometric-based authentication compared to non-older users. (Wang et al., 2022)

Password Authentication

According to Wang et al. (2022), password authentication can be difficult for individuals with memory challenges, especially when dynamic passwords are required for security (Vassilev et al. 2020). Beacon technology is a low-cost, location-based technology that utilizes small devices called beacons to transmit signals to Bluetooth-enabled devices like smartphones and tablets. These signals contain information about the physical location of the beacon and can be used to trigger specific actions, such as authentication to the devices within range (Vassilev et al., 2020). The beacon method is a secure alternative to the token method, is easy to use, cost-effective, and can be used on general-purpose devices such as smartphones (Vassilev et al., 2020).

Requirements

Requirements for supporting people with disabilities have a focus on reliability and interoperability. Disabilities often reduce the ease of interaction; therefore, starting with a user-friendly design is paramount. Grabatin et al. (2021) found that security, privacy, and environmental factors were not extremely important to participants but should obviously still be considered carefully.

The quality of different authentication methods was evaluated based on the following: Reliability, security, privacy, usability, environmental and interoperability). Possession-based authentication methods score highest followed by a tie between knowledge-based and biometric authentication factors. Behaviour-based authentication was deemed as the least suitable method. (Grabatin et al., 2021)

Return to top of page.

Lived experience of users with cognitive disabilities

Qualitative data analysis of the interview summaries revealed that users had major concerns about the usability and reliability of voice-based authentication methods. Within a simulated authentication exercise, users frequently struggled with errors in login information and dealing with an inefficient voice recognition system. Users also expressed fears about privacy and security with voice-based authentication especially when dealing with sensitive financial information and large transactions. This exercise highlights the importance of involving persons with disabilities during the design of authentication methods. Although research has shown voice-based authentication methods to hold promise for accessibility, it also can present several barriers based on the lived experience of users. A responsive and intelligent system can help to mitigate barriers, as noted by users in interviews.

When asked about their usual login methods, users expressed using biometric authentication methods (such as fingerprint or Face ID) or multi-factor authentication. They mentioned that some pre-filled information for bank apps is helpful (i.e., if they are already signed into their device) because they don’t have to remember as much information to input each time. Some users expressed that they prefer multi-factor authentication even though it takes longer to complete because they can trust it to keep their accounts secure. This has also been noted in previous literature with users indicating a preference for multi-factor authentication (Kruzokova et al. 2024).

In summary, the major issues expressed by users during interviews include:

1. Lack of trust in voice-based authentication
2. Inefficient voice recognition that fails to accurately understand voice commands
3. Remembering information to enter in long and complex authentication processes

---

Resources and Bibliography

Alfayez, F., & Khan, S. B. (2024). User-centric secured smart virtual assistants framework for disables. Alexandria Engineering Journal, 95, 59-71. doi: 10.1016/j.aej.2024.03.033.

Arifin, A. A. (2020). Always Listening? : An Exploratory Study of the Perceptions of Voice Assistant Technology in Indonesia (Dissertation). Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-414173

Balasuriya, S. S., Sitbon, L., Bayor, A. A., Hoogstrate, M., & Brereton, M. (2018, December). Use of voice activated interfaces by people with intellectual disability. In Proceedings of the 30th Australian Conference on Computer-Human Interaction (pp. 102–112).
https://doi.org/10.1145/3292147.3292161

Bojjagani, S., Sastry, V. N., Chen, C. M., Kumari, S., & Khan, M. K. (2023). Systematic survey of mobile payments, protocols, and security infrastructure. Journal of Ambient Intelligence and Humanized Computing, 14(1), 609-654. https://doi.org/10.1007/s12652-021-03316-4

Börjesson, S. (2022). Perceptions of Authentication Methods; Students and Employees with their job platforms and social media accounts : Study done in Sweden (Dissertation). Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-21510

Braun, M., Wölfel, M., Renner, G., & Menschik, C. (2020, September). Accessibility of different natural user interfaces for people with intellectual disabilities. In 2020 International Conference on Cyberworlds (CW) (pp. 211–218). IEEE. doi: 10.1109/CW49994.2020.00041

Cankaya, E. (2011). Authentication. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_772

Cobigo, V., Bah, F., Lévesque, D., Tahir, M. (2023). Usability and Cognitive Accessibility of a Voice User Interface for Payment Systems – Phase 1 report : Exploring the literature. Open Collaboration for Cognitive Accessibility.

Di Campi, A. M., & Luccio, F. L. (2025). Accessible authentication methods for persons with diverse cognitive abilities. Universal Access in the Information Society, 1-23.

Erinola, A., Buckmann, A., Friedauer, J., Yardım, A., & Sasse, M. A. (2023, July). “As Usual, I Needed Assistance of a Seeing Person”: Experiences and Challenges of People with Disabilities and Authentication Methods. In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 575-593). IEEE. doi: 10.1109/EuroSPW59978.2023.00070.

European Central Bank. (2018). The revised Payment Services Directive (PSD2) and the transition to stronger payments security. https://www.ecb.europa.eu/paym/intro/mip-online/2018/html/1803_revisedpsd.en.html

Furnell, S., Helkala, K., & Woods, N. (2022). Accessible authentication: Assessing the applicability for users with disabilities. Computers & Security, 113, 1. https://doi.org/10.1016/j.cose.2021.102561

Grabatin, M., Steinke, M., Pöhn, D., & Hommel, W. (2021, April). A Matrix for Systematic Selection of Authentication Methods in Challenging Healthcare related Environments. In Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (pp. 88-97). https://doi.org/10.1145/3445969.3450424

Hayashi, V. T., & Ruggiero, W. V. (2022). Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning. Sensors, 22(4), 1325. https://doi.org/10.3390/s22041325

Kathuria, R., Wadehra, A., & Kathuria, V. (2020). Human-centered artificial intelligence: antecedents of trust for the usage of voice biometrics for driving contactless interactions. In HCI International 2020–Late Breaking Posters: 22nd International Conference, HCII 2020, Copenhagen, Denmark, July 19–24, 2020, Proceedings, Part I 22 (pp. 325-334). Springer International Publishing. https://doi.org/10.1007/978-3-030-60700-5_42

Kelly, N., & Petrie, H. (2022, July). Digital authentication and dyslexia: A survey of the problems and needs of dyslexia people. In International Conference on Computers Helping People with Special Needs (pp. 18-25). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-031-08645-8_3

Kruzikova, A., Muzik, M., Knapova, L., Dedkova, L., Smahel, D., & Matyas, V. (2024). Two-factor authentication time: How time-efficiency and time-satisfaction are associated with perceived security and satisfaction. Computers & Security, 138, 103667. https://doi.org/10.1016/j.cose.2023.103667

Lott, D. (2018). Biometrics: Modernising customer authentication for financial services and payments. Journal of Payments Strategy & Systems, 12(4), 371-382.

Mekruksavanich, S., & Jitpattanakul, A. (2021). Deep learning approaches for continuous authentication based on activity patterns using mobile sensing. Sensors, 21(22), 7519. https://doi.org/10.3390/s21227519

Ophoff, J., & Renaud, K. V. (2023, September). Universal design for website authentication: views and experiences of senior citizens. In 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW) (pp. 46-53). IEEE.

Prabakaran, D., & Ramachandran, S. (2022). Multi-factor authentication for secured financial transactions in cloud environment. CMC-Computers, Materials & Continua, 70(1), 1781-1798. DOI:10.32604/cmc.2022.019591

Vassilev, V., Phipps, A., Lane, M., Mohamed, K., & Naciscionis, A. (2020, January). Two-factor authentication for voice assistance in digital banking using public cloud services. In 2020 10th International Conference on Cloud Computing, Data Science & Engineering (Confluence) (pp. 404-409). IEEE. doi: 10.1109/Confluence47617.2020.9058332.

Verma, D., Sharma, S., Awasthi, M., Chandrol, A., & Sunil, G. (2024). Assessing the Effectiveness of Fingerprint Authentication in Preventing Fraud during Financial Transactions. 2024 IEEE 1st Karachi Section Humanitarian Technology Conference, Khi-HTC 2024. Scopus. https://doi.org/10.1109/KHI-HTC60760.2024.10482351

Wang, K., Zhou, L., & Zhang, D. (2022). Biometrics-Based Mobile User Authentication for the Elderly: Accessibility, Performance, and Method Design. International Journal of Human–Computer Interaction, 1-15. DOI: 10.1080/10447318.2022.2154903

Whittington, P., & Dogan, H. (2023, November). Authentibility Pass: An Accessible Authentication Gateway for People with Reduced Abilities. In 2023 IEEE International Conference on e-Business Engineering (ICEBE) (pp. 155-162). IEEE. doi: 10.1109/ICEBE59045.2023.00043.

Yuniati, D & Jayadi, R. (2021). Analysis and design of voice assistant for indonesian banking transaction. Journal of Theoretical and Applied Information Technology, 99 (20). 4808-4823

Zezulak, A., Tazi, F., & Das, S. (2023). SoK: evaluating privacy and security concerns of using web services for the disabled population. arXiv preprint. https://doi.org/10.48550/arXiv.2302.13261

Return to top of page.