Authenticating spontaneous interactions between devices and users is 
challenging for several reasons: the wireless (and therefore invisible) nature 
of device communication, the heterogeneous nature of devices and lack of 
appropriate user interfaces in mobile devices, and the requirement for 
unobtrusive user interaction. The most promising approach that has been 
proposed in literature involves the exploitation of so-called auxiliary 
channels for authentication to bridge the gap between usability and security. 
This concept has spawned the independent development of various authentication 
methods and research prototypes, that, unfortunately, remain hard to compare 
and interchange and are rarely available to potential application developers. 
We built a system which implements and unifies these approaches. In this 
paper, we present OpenUAT, an open source toolkit that implements our novel, 
unified cryptographic authentication protocol (UACAP), and a comprehensive 
range of specific auxiliary channels. We evaluated OpenUAT based on a user 
study in which we compared four authentication methods implemented by the 
toolkit. The user study showed that users tend to prefer the visual channel in 
spite of its comparatively poor performance.