Visitors in smart homes might want to use certain device features, as far as permitted by the device owner (e.g., streaming music on a smart speaker). At the same time, protecting access to features from attackers is crucial, motivating a need for authentication.However, it is unclear if and how smart home visitors should authenticate as they usually do not have access to respective interfaces.
We explore considerations for the design of authentication for visitors evolving around, e.g., the visitors themselves as well as the environment and concrete mechanisms.
Moreover, we suggest a concrete idea: security questions to authenticate visitors in smart homes.
In an interview study (N=24), we found that owners and visitors appreciated the low effort and would adapt our approach.
We conclude with future research directions that we hope will spark further discussions around the design of authentication for smart homes, considering visitors and owners alike.