ABSTRACT
Graphical authentication systems typically claim to be more usable than PIN or password-based systems, but these claims often follow limited, single-stage paradigm testing on a young, student population. We present a more demanding test paradigm in which multiple codes are learned and tested over a three-week period. We use this paradigm with two user populations, comparing the performance of younger and older adults. We first establish baseline performance in a study in which populations of younger and older adults learn PIN codes and we follow this with a second study in which younger and older adults use two face-based graphical authentication systems employing young faces vs. old faces as code components. As expected, older adults show relatively poor performance when compared to younger adults, irrespective of the authentication material, but this age-related deficit can be markedly reduced by the introduction of age-appropriate faces. We conclude firstly that this paradigm provides a good basis for the future evaluation of memory-based authentication systems and secondly that age-appropriate face-based authentication is viable in the security marketplace.
- Adams, A. and Sasse, M.A. Users are not the enemy. Communications of the ACM 42, 12 (1999), 40--46. Google ScholarDigital Library
- Anastasi, J.S. and Rhodes, M.G. Evidence for an own-age bias in face recognition. North American Journal of Psychology 8, 2 (2006), 237--25Google Scholar
- Anastasi, J.S. and Rhodes, M.G. An own-age bias in face recognition for children and older adults. Psychonomic Bulletin & Review 12, 6 (2005), 1043--1047.Google ScholarCross Ref
- Baddeley, A. and Scott, D. Short term forgetting in the absence of proactive interference. The Quarterly Journal of Experimental Psychology 23, 3 (1971), 275--283.Google ScholarCross Ref
- Biddle, R., Chiasson, S., and Oorschot, P. Van. Graphical passwords: Learning from the first twelve years. ACM Computing Surveys (CSUR) 44, 4 (2012), 1--43. Google ScholarDigital Library
- Brostoff, S. and Sasse, M. Are Passfaces more usable than passwords? A field trial investigation. In Proc. of HCI, (2000), 405--424.Google ScholarCross Ref
- Bruce, V., Burton, M., and Dench, N. What's distinctive about a distinctive face? The Quarterly Journal of Experimental Psychology Section A 47, 1 (1994), 119--141.Google ScholarCross Ref
- Chiasson, S., Forget, A., Stobert, E., Oorschot, P.C. Van, and Biddle, R. Multiple Password Interference in Text and Click-Based Graphical Passwords. In Proc. of CCS, (2009), 500--511. Google ScholarDigital Library
- Clancy, S.M. and Hoyer, W.J. Age and skill in visual search. Developmental Psychology 30, 4 (1994), 545--552.Google ScholarCross Ref
- Craik, F. and Jennings, J. Human Memory. In The Handbook of Aging and Cognition. 1992, 51--1Google Scholar
- Craik, F. and Bialystok, E. Cognition through the lifespan: mechanisms of change. Trends in Cognitive Sciences 10, 3 (2006), 131--138.Google ScholarCross Ref
- Davis, D., Monrose, F., and Reiter, M. On user choice in graphical password schemes. In Proc. of the 13th conference on USENIX Security Symposium-Volume 13, USENIX Association Berkeley, CA, USA (2004), 11. Google ScholarDigital Library
- De Angeli, A., Coutts, M., Coventry, L., Johnson, G., Cameron, D., and Fischer, M. VIP: a visual approach to user authentication. In Proc. of the WCAVI, (2002), 316--323. Google ScholarDigital Library
- Derwinger, A., Stigsdotter Neely, A., MacDonald, S., and Bäckman, L. Forgetting numbers in old age: strategy and learning speed matter. Gerontology 51, 4 (2005), 277--84.Google ScholarCross Ref
- Dhamija, R. and Perrig, A. Deja vu: A user study using images for authentication. In Proc. USENIX Security Symposium, (2000), 45--48. Google ScholarDigital Library
- Dirik, A.E., Memon, N., and Birget, J.-C. Modeling user choice in the PassPoints graphical password scheme. In Proc. SOUPS, (2007), 20--28. Google ScholarDigital Library
- Dunphy, P., Nicholson, J., and Olivier, P.L. Securing Passfaces for Description. In Proc. SOUPS, (2008), 24--35. Google ScholarDigital Library
- Ebner, N.C., Riediger, M., and Lindenberger, U. FACES--a database of facial expressions in young, middle-aged, and older women and men: development and validation. Behavior Research Methods 42, 1 (2010), 351--62.Google ScholarCross Ref
- Everitt, K.M., Bragin, T., Fogarty, J., and Kohno, T. A comprehensive study of frequency, interference, and training of multiple graphical passwords. In Proc. of CHI, ACM New York, NY, USA (2009), 889--898. Google ScholarDigital Library
- Feldmeier, D. and Karn, P. Unix password security-ten years later. In Proc. of CRYPTO, (1990), 1-- Google ScholarDigital Library
- Ferris, S.H., Crook, T., Clark, E., McCarthy, M., and Rae, D. Facial recognition memory deficits in normal aging and senile dementia. Journal of Gerontology 35, 5 (1980), 707--14.Google ScholarCross Ref
- Hart, T., Chaparro, B., and Halcomb, C. Evaluating websites for older adults: adherence to \'18senior-friendly' guidelines and end-user performance. Behaviour & Information Technology 27, 3 (2008), 191--199. Google ScholarDigital Library
- Ives, B., Walsh, K.R., and Schneider, H. The domino effect of password reuse. Communications of the ACM 47, 4 (2004), 75--78. Google ScholarDigital Library
- Kausler, D.H., Salthouse, T., and Saults, J.S. Temporal memory over the adult lifespan. The American Journal of Psychology 101, 2 (1988), 207--215.Google ScholarCross Ref
- Lovén, J., Herlitz, A., and Rehnman, J. Women's own-gender bias in face recognition memory. Experimental Psychology 58, 4 (2011), 333--340.Google ScholarCross Ref
- Meissner, C. a. and Brigham, J.C. Thirty years of investigating the own-race bias in memory for faces: A meta-analytic review. Psychology, Public Policy, and Law 7, 1 (2001), 3--35.Google Scholar
- Moncur, W. and LePlâtre, G. Pictures at the ATM - Exploring the usability of multiple graphical passwords. In Proc. of CHI, (2007), 887--894. Google ScholarDigital Library
- Naveh-Benjamin, M., Brav, T.K., and Levy, O. The associative memory deficit of older adults: the role of strategy utilization. Psychology and Aging 22, 1 (2007), 202--208.Google ScholarCross Ref
- Naveh-Benjamin, M., Hussain, Z., Guez, J., and Bar-On, M. Adult age differences in episodic memory: further support for an associative-deficit hypothesis. Journal of Experimental Psychology: Learning, Memory, and Cognition 29, 5 (2003), 826--837.Google Scholar
- Nelson, D., Reed, V., and Walling, J. Pictorial superiority effect. Journal of Experimental Psychology: Human Learning and Memory 2, 5 (1976), 523--528.Google ScholarCross Ref
- Oorschot, P.C. van, Salehi-Abari, A., and Thorpe, J. Purely Automated Attacks on PassPoints-Style Graphical Passwords. IEEE Transactions on Information Forensics and Security 5, 3 (2010), 393--405. Google ScholarDigital Library
- Park, D., Puglisi, J., and Smith, A. Memory for pictures: Does an age-related decline exist? Journal of Psychology and Aging 1, 1 (1986), 11--17.Google ScholarCross Ref
- Park, D., Royal, D., Dudley, W., and Morrell, R. Forgetting of Pictures Over a Long Retention Interval. Psychology and Aging 3, 1 (1988), 94--95.Google ScholarCross Ref
- Peach, S., Vorster, J., and Heerden, R. Van. Heuristic attacks against graphical password generators. 2010.Google Scholar
- Pike, G., Kemp, R., and Brace, N. The psychology of human face recognition. IEE Colloquium on Visual Biometrics, (2000), 11--17.Google ScholarCross Ref
- Rasmussen, M. and Rudmin, F.W. The coming PIN code epidemic: A survey study of memory of numeric security codes. Electronic Journal of Applied Psychology 6, 2 (2010), 5--9v.Google Scholar
- Rhodes, M.G. and Anastasi, J.S. The own-age bias in face recognition: a meta-analytic and theoretical review. Psychological Bulletin 138, 1 (2012), 146--74.Google ScholarCross Ref
- Thorpe, J. and Oorschot, P. van. Human-seeded attacks and exploiting hot-spots in graphical passwords. 16th USENIX Security Symposium, (2007), 103--118. Google ScholarDigital Library
- Valentine, T. An evaluation of the Passface personal authentication system. (Technical Report). London: Goldsmiths College University of London, (1998).Google Scholar
- Valentine, T. Memory for Passfaces after a long delay. (Technical Report). London: Goldsmiths College University of London, (1999).Google Scholar
- West, R.L., Crook, T.H., and Barron, K.L. Everyday memory performance across the life span: effects of age and noncognitive individual differences. Psychology and aging 7, 1 (1992), 72--82.Google Scholar
- Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., and Memon, N. PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63, 1--2 (2005), 102--127. Google ScholarDigital Library
Index Terms
- Age-related performance issues for PIN and face-based authentication systems
Recommendations
Faces and Pictures: Understanding age differences in two types of graphical authentications
Recall of knowledge-based authentication codes such as passwords and PINs can be problematic, particularly for older adults given the known memory decline associated with ageing. We explored the extent to which recognition-based Graphical Authentication ...
A longitudinal evaluation of the acceptability and impact of a diet diary app for older adults with age-related macular degeneration
MobileHCI '16: Proceedings of the 18th International Conference on Human-Computer Interaction with Mobile Devices and ServicesOngoing advances in technology are increasing the scope for enhancing and supporting older adults' daily living. The digital divide between older and younger adults raises concerns, however, about the suitability of technological solutions for older ...
Web usability and age: how design changes can improve performance
CUU '03: Proceedings of the 2003 conference on Universal usabilityWe conducted two usability studies that included a total of 49 participants ranging in age from 20 to 82. The goal of Study 1 was to learn whether there were differences in how older adults interact with the Web and whether changes in text size would ...
Comments