Passwords remain a widely used authentication mechanism, despite their well-known security and usability limitations. To improve on this situation, next-generation authentication mechanisms based on behavioral biometric factors, such as eye movements and brainwaves, have emerged. However, their usability remains relatively under-explored. To fill this gap, we conducted an empirical user study (n=32 participants) to evaluate three brain-based and three eye-based authentication mechanisms, using both qualitative and quantitative methods. Our findings show good overall usability according to the System Usability Scale (SUS) for both categories of mechanisms, with average SUS scores in the range of 78.6-79.6 and the best mechanisms rated with an "excellent" score. Participants in particular perceived brainwave authentication as more secure, yet more privacy-invasive and effort-intensive, compared to eye movement authentication. However, the significant number of neutral responses indicates that participants need more detailed information about the security and privacy implications of these authentication methods. Building on the collected evidence, we identify three key areas for improvement: privacy, authentication interface design, and verification time. We offer recommendations for designers and developers to improve the usability and security of next-generation authentication mechanisms.