research-article

Age-related performance issues for PIN and face-based authentication systems

Authors:

James Nicholson,

Lynne Coventry,

Pam BriggsAuthors Info & Claims

CHI '13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

Pages 323 - 332

https://doi.org/10.1145/2470654.2470701

Published: 27 April 2013 Publication History

Abstract

Graphical authentication systems typically claim to be more usable than PIN or password-based systems, but these claims often follow limited, single-stage paradigm testing on a young, student population. We present a more demanding test paradigm in which multiple codes are learned and tested over a three-week period. We use this paradigm with two user populations, comparing the performance of younger and older adults. We first establish baseline performance in a study in which populations of younger and older adults learn PIN codes and we follow this with a second study in which younger and older adults use two face-based graphical authentication systems employing young faces vs. old faces as code components. As expected, older adults show relatively poor performance when compared to younger adults, irrespective of the authentication material, but this age-related deficit can be markedly reduced by the introduction of age-appropriate faces. We conclude firstly that this paradigm provides a good basis for the future evaluation of memory-based authentication systems and secondly that age-appropriate face-based authentication is viable in the security marketplace.

References

[1]

Adams, A. and Sasse, M.A. Users are not the enemy. Communications of the ACM 42, 12 (1999), 40--46.

Digital Library

[2]

Anastasi, J.S. and Rhodes, M.G. Evidence for an own-age bias in face recognition. North American Journal of Psychology 8, 2 (2006), 237--25

[3]

Anastasi, J.S. and Rhodes, M.G. An own-age bias in face recognition for children and older adults. Psychonomic Bulletin & Review 12, 6 (2005), 1043--1047.

[4]

Baddeley, A. and Scott, D. Short term forgetting in the absence of proactive interference. The Quarterly Journal of Experimental Psychology 23, 3 (1971), 275--283.

[5]

Biddle, R., Chiasson, S., and Oorschot, P. Van. Graphical passwords: Learning from the first twelve years. ACM Computing Surveys (CSUR) 44, 4 (2012), 1--43.

Digital Library

[6]

Brostoff, S. and Sasse, M. Are Passfaces more usable than passwords? A field trial investigation. In Proc. of HCI, (2000), 405--424.

[7]

Bruce, V., Burton, M., and Dench, N. What's distinctive about a distinctive face? The Quarterly Journal of Experimental Psychology Section A 47, 1 (1994), 119--141.

[8]

Chiasson, S., Forget, A., Stobert, E., Oorschot, P.C. Van, and Biddle, R. Multiple Password Interference in Text and Click-Based Graphical Passwords. In Proc. of CCS, (2009), 500--511.

Digital Library

[9]

Clancy, S.M. and Hoyer, W.J. Age and skill in visual search. Developmental Psychology 30, 4 (1994), 545--552.

[10]

Craik, F. and Jennings, J. Human Memory. In The Handbook of Aging and Cognition. 1992, 51--1

[11]

Craik, F. and Bialystok, E. Cognition through the lifespan: mechanisms of change. Trends in Cognitive Sciences 10, 3 (2006), 131--138.

[12]

Davis, D., Monrose, F., and Reiter, M. On user choice in graphical password schemes. In Proc. of the 13th conference on USENIX Security Symposium-Volume 13, USENIX Association Berkeley, CA, USA (2004), 11.

Digital Library

[13]

De Angeli, A., Coutts, M., Coventry, L., Johnson, G., Cameron, D., and Fischer, M. VIP: a visual approach to user authentication. In Proc. of the WCAVI, (2002), 316--323.

Digital Library

[14]

Derwinger, A., Stigsdotter Neely, A., MacDonald, S., and Bäckman, L. Forgetting numbers in old age: strategy and learning speed matter. Gerontology 51, 4 (2005), 277--84.

[15]

Dhamija, R. and Perrig, A. Deja vu: A user study using images for authentication. In Proc. USENIX Security Symposium, (2000), 45--48.

Digital Library

[16]

Dirik, A.E., Memon, N., and Birget, J.-C. Modeling user choice in the PassPoints graphical password scheme. In Proc. SOUPS, (2007), 20--28.

Digital Library

[17]

Dunphy, P., Nicholson, J., and Olivier, P.L. Securing Passfaces for Description. In Proc. SOUPS, (2008), 24--35.

Digital Library

[18]

Ebner, N.C., Riediger, M., and Lindenberger, U. FACES--a database of facial expressions in young, middle-aged, and older women and men: development and validation. Behavior Research Methods 42, 1 (2010), 351--62.

[19]

Everitt, K.M., Bragin, T., Fogarty, J., and Kohno, T. A comprehensive study of frequency, interference, and training of multiple graphical passwords. In Proc. of CHI, ACM New York, NY, USA (2009), 889--898.

Digital Library

[20]

Feldmeier, D. and Karn, P. Unix password security-ten years later. In Proc. of CRYPTO, (1990), 1--

Digital Library

[21]

Ferris, S.H., Crook, T., Clark, E., McCarthy, M., and Rae, D. Facial recognition memory deficits in normal aging and senile dementia. Journal of Gerontology 35, 5 (1980), 707--14.

[22]

Hart, T., Chaparro, B., and Halcomb, C. Evaluating websites for older adults: adherence to \'18senior-friendly' guidelines and end-user performance. Behaviour & Information Technology 27, 3 (2008), 191--199.

Digital Library

[23]

Ives, B., Walsh, K.R., and Schneider, H. The domino effect of password reuse. Communications of the ACM 47, 4 (2004), 75--78.

Digital Library

[24]

Kausler, D.H., Salthouse, T., and Saults, J.S. Temporal memory over the adult lifespan. The American Journal of Psychology 101, 2 (1988), 207--215.

[25]

Lovén, J., Herlitz, A., and Rehnman, J. Women's own-gender bias in face recognition memory. Experimental Psychology 58, 4 (2011), 333--340.

[26]

Meissner, C. a. and Brigham, J.C. Thirty years of investigating the own-race bias in memory for faces: A meta-analytic review. Psychology, Public Policy, and Law 7, 1 (2001), 3--35.

[27]

Moncur, W. and LePlâtre, G. Pictures at the ATM - Exploring the usability of multiple graphical passwords. In Proc. of CHI, (2007), 887--894.

Digital Library

[28]

Naveh-Benjamin, M., Brav, T.K., and Levy, O. The associative memory deficit of older adults: the role of strategy utilization. Psychology and Aging 22, 1 (2007), 202--208.

[29]

Naveh-Benjamin, M., Hussain, Z., Guez, J., and Bar-On, M. Adult age differences in episodic memory: further support for an associative-deficit hypothesis. Journal of Experimental Psychology: Learning, Memory, and Cognition 29, 5 (2003), 826--837.

[30]

Nelson, D., Reed, V., and Walling, J. Pictorial superiority effect. Journal of Experimental Psychology: Human Learning and Memory 2, 5 (1976), 523--528.

[31]

Oorschot, P.C. van, Salehi-Abari, A., and Thorpe, J. Purely Automated Attacks on PassPoints-Style Graphical Passwords. IEEE Transactions on Information Forensics and Security 5, 3 (2010), 393--405.

Digital Library

[32]

Park, D., Puglisi, J., and Smith, A. Memory for pictures: Does an age-related decline exist? Journal of Psychology and Aging 1, 1 (1986), 11--17.

[33]

Park, D., Royal, D., Dudley, W., and Morrell, R. Forgetting of Pictures Over a Long Retention Interval. Psychology and Aging 3, 1 (1988), 94--95.

[34]

Peach, S., Vorster, J., and Heerden, R. Van. Heuristic attacks against graphical password generators. 2010.

[35]

Pike, G., Kemp, R., and Brace, N. The psychology of human face recognition. IEE Colloquium on Visual Biometrics, (2000), 11--17.

[36]

Rasmussen, M. and Rudmin, F.W. The coming PIN code epidemic: A survey study of memory of numeric security codes. Electronic Journal of Applied Psychology 6, 2 (2010), 5--9v.

[37]

Rhodes, M.G. and Anastasi, J.S. The own-age bias in face recognition: a meta-analytic and theoretical review. Psychological Bulletin 138, 1 (2012), 146--74.

[38]

Thorpe, J. and Oorschot, P. van. Human-seeded attacks and exploiting hot-spots in graphical passwords. 16th USENIX Security Symposium, (2007), 103--118.

Digital Library

[39]

Valentine, T. An evaluation of the Passface personal authentication system. (Technical Report). London: Goldsmiths College University of London, (1998).

[40]

Valentine, T. Memory for Passfaces after a long delay. (Technical Report). London: Goldsmiths College University of London, (1999).

[41]

West, R.L., Crook, T.H., and Barron, K.L. Everyday memory performance across the life span: effects of age and noncognitive individual differences. Psychology and aging 7, 1 (1992), 72--82.

[42]

Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., and Memon, N. PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63, 1--2 (2005), 102--127.

Digital Library

Cited By

Lawrence MWang Y(2024)Revolutionizing IoT Security: Integrating Audio Data Transfer and Multi-Factor Authentication with Smartphones2024 IEEE International Conference on Electro Information Technology (eIT)10.1109/eIT60633.2024.10609946(310-315)Online publication date: 30-May-2024
https://doi.org/10.1109/eIT60633.2024.10609946
Erinola ABuckmann AFriedauer JYardım ASasse M(2023)“As Usual, I Needed Assistance of a Seeing Person”: Experiences and Challenges of People with Disabilities and Authentication Methods2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00070(575-593)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00070
Mendel TSchuster RTromer EToch E(2022)Toward Proactive Support for Older AdultsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35172496:1(1-25)Online publication date: 29-Mar-2022
https://dl.acm.org/doi/10.1145/3517249
Show More Cited By

Index Terms

Age-related performance issues for PIN and face-based authentication systems
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

A longitudinal evaluation of the acceptability and impact of a diet diary app for older adults with age-related macular degeneration
MobileHCI '16: Proceedings of the 18th International Conference on Human-Computer Interaction with Mobile Devices and Services

Ongoing advances in technology are increasing the scope for enhancing and supporting older adults' daily living. The digital divide between older and younger adults raises concerns, however, about the suitability of technological solutions for older ...
Faces and Pictures: Understanding age differences in two types of graphical authentications

Recall of knowledge-based authentication codes such as passwords and PINs can be problematic, particularly for older adults given the known memory decline associated with ageing. We explored the extent to which recognition-based Graphical Authentication ...
Web usability and age: how design changes can improve performance
CUU '03: Proceedings of the 2003 conference on Universal usability

We conducted two usability studies that included a total of 49 participants ranging in age from 20 to 82. The goal of Study 1 was to learn whether there were differences in how older adults interact with the Web and whether changes in text size would ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI '13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

April 2013

3550 pages

ISBN:9781450318990

DOI:10.1145/2470654

General Chair:
Wendy E. Mackay
INRIA
,
Program Chairs:
Stephen Brewster
Glasgow University
,
Susanne Bødker
University of Aarhus

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 April 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CHI '13

Sponsor:

SIGCHI

CHI '13: CHI Conference on Human Factors in Computing Systems

April 27 - May 2, 2013

Paris, France

Acceptance Rates

CHI '13 Paper Acceptance Rate 392 of 1,963 submissions, 20%;

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

37
Total Citations
View Citations
685
Total Downloads

Downloads (Last 12 months)24
Downloads (Last 6 weeks)2

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lawrence MWang Y(2024)Revolutionizing IoT Security: Integrating Audio Data Transfer and Multi-Factor Authentication with Smartphones2024 IEEE International Conference on Electro Information Technology (eIT)10.1109/eIT60633.2024.10609946(310-315)Online publication date: 30-May-2024
https://doi.org/10.1109/eIT60633.2024.10609946
Erinola ABuckmann AFriedauer JYardım ASasse M(2023)“As Usual, I Needed Assistance of a Seeing Person”: Experiences and Challenges of People with Disabilities and Authentication Methods2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00070(575-593)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00070
Mendel TSchuster RTromer EToch E(2022)Toward Proactive Support for Older AdultsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35172496:1(1-25)Online publication date: 29-Mar-2022
https://dl.acm.org/doi/10.1145/3517249
Petrie HMerdenyan BXie C(2022)Password Challenges for Older People in China and the United KingdomComputers Helping People with Special Needs10.1007/978-3-031-08645-8_5(34-40)Online publication date: 11-Jul-2022
https://dl.acm.org/doi/10.1007/978-3-031-08645-8_5
Nicholson JTerry JBeckett HKumar P(2021)Understanding Young People's Experiences of CybersecurityProceedings of the 2021 European Symposium on Usable Security10.1145/3481357.3481520(200-210)Online publication date: 11-Oct-2021
https://dl.acm.org/doi/10.1145/3481357.3481520
Ndako Adama VOyebisi Oyefolahan INdunagu JLamas DNeves Cabral Domingos LOgunyemi AOrji RBidwell NMboya A(2021)Pure Recall-Based Graphical User Authentication Schemes: Perspectives from a Closer Look3rd African Human-Computer Interaction Conference: Inclusiveness and Empowerment10.1145/3448696.3448721(141-145)Online publication date: 8-Mar-2021
https://dl.acm.org/doi/10.1145/3448696.3448721
Liang CYu CWei XXu XHu YWang YShi YKitamura YQuigley AIsbister KIgarashi TBjørn PDrucker S(2021)Auth+Track: Enabling Authentication Free Interaction on Smartphone by Continuous User TrackingProceedings of the 2021 CHI Conference on Human Factors in Computing Systems10.1145/3411764.3445624(1-16)Online publication date: 6-May-2021
https://dl.acm.org/doi/10.1145/3411764.3445624
Hassan ANuseibeh BPasquale L(2021)Engineering Adaptive Authentication2021 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C)10.1109/ACSOS-C52956.2021.00068(275-280)Online publication date: Sep-2021
https://doi.org/10.1109/ACSOS-C52956.2021.00068
Kaur AMustafa K(2021)Preference-Oriented Password-Based AuthenticationInformation and Communication Technology for Competitive Strategies (ICTCS 2020)10.1007/978-981-16-0739-4_89(953-965)Online publication date: 27-Jul-2021
https://doi.org/10.1007/978-981-16-0739-4_89
Evtimova PNicholson J(2021)Exploring the Acceptability of Graphical Passwords for People with DyslexiaHuman-Computer Interaction – INTERACT 202110.1007/978-3-030-85623-6_14(213-222)Online publication date: 26-Aug-2021
https://doi.org/10.1007/978-3-030-85623-6_14
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents