Users embrace the rapid development of virtual reality (VR) technology. We are witnessing a widespread adoption of VR technology in more routine settings, such as gaming, social interactions, shopping, and commerce. VR systems access sensitive user data and assets when handling these routine activities, including payment, which raises the need for user authentication in VR. However, there is a limited understanding of how users perceive user authentication in VR, in particular, how users' interaction experiences factor into their perception of security and privacy. Our work adopts a ``technology probe'' approach to understand this question. We design technology probes of authentication in VR based on existing authentication interactions in both VR and the physical world. Further, we embed these probes in the routine payment of a VR game. Our qualitative analysis reveals that users face unique usability challenges in VR authentication, e.g., in motion control. Such challenges also hinder users from accessing security and privacy accurately in VR authentication. Users' expectations for VR authentication mainly center on improvements in interaction. However, their expectations could appear nonspecific and conflicting. We provide recommendations to accommodate users' expectations and resolve conflicts between usability and security.

翻译：用户拥抱虚拟现实（VR）技术的快速发展。我们正目睹VR技术在更常规场景中的广泛应用，如游戏、社交互动、购物和商务活动。VR系统在处理这些日常活动（包括支付）时会访问敏感的用户数据和资产，这凸显了在VR中进行用户身份验证的需求。然而，目前对用户如何感知VR中的身份验证、特别是用户的交互体验如何影响其对安全与隐私的认知，仍缺乏深入理解。本研究采用"技术探针"方法探究这一问题。我们基于现有VR和物理世界中的身份验证交互，设计了VR身份验证技术探针，并将其嵌入VR游戏的常规支付流程中。定性分析表明，用户在VR身份验证中面临独特的可用性挑战（例如动作控制），这些挑战也阻碍用户准确评估VR身份验证的安全性与隐私性。用户对VR身份验证的期望主要集中在交互改进上，然而这些期望可能显得模糊且相互矛盾。我们提出建议以契合用户期望，并解决可用性与安全性之间的冲突。