Investigating User Behavior for Authentication Methods: A Comparison between Individuals with Down Syndrome and Neurotypical Users

A wide variety of authentication mechanisms have been designed to ensure information security. Individuals with cognitive disabilities depend on computers and the Internet for a variety of tasks and, therefore, use authentication applications on an everyday basis. However, although there have been numerous studies investigating password usage by neurotypical users, there have been no research studies conducted to examine the use of authentication methods by individuals with cognitive disabilities. In this article, we systematically investigate how individuals with cognitive disabilities, specifically Down syndrome (DS), interact with various user authentication mechanisms. This research provides the first benchmark data on the performance of individuals with DS when using multiple authentication methods. It confirms that individuals with DS are capable of using the traditional alphanumeric passwords with reasonable efficiency. The passwords created by individuals with DS are of similar strength to those created by neurotypical people. Graphic passwords are not as effective as traditional alphanumeric and mnemonic passwords regarding efficiency, and are less preferred by the participants. Based on the findings of the study, we propose design guidelines that aim to assist both practitioners and researchers in designing and developing effective authentication applications that fit the specific needs of individuals with DS.

[1]  Jonathan Lazar,et al.  Understanding the computer skills of adult expert users with down syndrome: an exploratory study , 2011, ASSETS.

[2]  M. Angela Sasse,et al.  Are Passfaces More Usable Than Passwords? A Field Trial Investigation , 2000, BCS HCI.

[3]  Ravi Kuber,et al.  Feasibility study of tactile-based authentication , 2010, Int. J. Hum. Comput. Stud..

[4]  Richard E. Ladner,et al.  PassChords: secure multi-touch authentication for blind people , 2012, ASSETS '12.

[5]  Antonella De Angeli,et al.  Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems , 2005, Int. J. Hum. Comput. Stud..

[6]  M. Marcell,et al.  Short-term memory difficulties and Down's syndrome. , 2008, Journal of mental deficiency research.

[7]  Harry Hochheiser,et al.  Towards A Universally Usable Human Interaction Proof: Evaluation of Task Completion Strategies , 2010, TACC.

[8]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[9]  Hilary Johnson,et al.  Using and managing multiple passwords: A week to a view , 2011, Interact. Comput..

[10]  Moshe Zviran,et al.  Cognitive passwords: The key to easy access control , 1990, Comput. Secur..

[11]  Ian McKinlay Down Syndrome: Living and Learning in the Community , 1995 .

[12]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[13]  Ravi Kuber,et al.  Tactile vs Graphical Authentication , 2010, EuroHaptics.

[14]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[15]  Lorrie Faith Cranor,et al.  Human selection of mnemonic phrase-based passwords , 2006, SOUPS '06.

[16]  A. Ant Ozok,et al.  Computer Usage by Children with Down Syndrome: Challenges and Future Research , 2010, TACC.

[17]  R S Chapman,et al.  Sequential recall in individuals with Down syndrome. , 1994, Journal of speech and hearing research.

[18]  Jonathan Lazar,et al.  Computer usage by young individuals with down syndrome: an exploratory study , 2008, Assets '08.

[19]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[20]  Ruimin Hu,et al.  Investigating input technologies for children and young adults with Down syndrome , 2011, Universal Access in the Information Society.

[21]  Tadayoshi Kohno,et al.  A comprehensive study of frequency, interference, and training of multiple graphical passwords , 2009, CHI.

[22]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[23]  L. Standing Learning 10000 pictures , 1973 .

[24]  Wendy Moncur,et al.  Pictures at the ATM: exploring the usability of multiple graphical passwords , 2007, CHI.

[25]  Alain Forget,et al.  Multiple password interference in text passwords and click-based graphical passwords , 2009, CCS.

[26]  Volker Roth,et al.  Accessible Authentication via Tactile PIN Entry , 2006 .

[27]  Shaojian Zhu,et al.  Don't listen! I am dictating my password! , 2009, Assets '09.

[28]  Harry Hochheiser,et al.  Accessible privacy and security: a universally usable human-interaction proof tool , 2010, Universal Access in the Information Society.

[29]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[30]  Michael C. Pyryt Human cognitive abilities: A survey of factor analytic studies , 1998 .

[31]  Kirsi Helkala Disabilities and Authentication Methods: Usability and Security , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[32]  A D Baddeley,et al.  Short-term memory in Down syndrome: applying the working memory model. , 2001, Down's syndrome, research and practice : the journal of the Sarah Duffen Centre.

[33]  B. Malek,et al.  Haptic-Based Sensible Graphical Password , 2007 .

[34]  Alan D. Baddeley,et al.  Long-Term Memory for Verbal and Visual Information in Down Syndrome and Williams Syndrome: Performance on the Doors and People Test , 2007, Cortex.

[35]  Nicolas Christin,et al.  Security through a different kind of obscurity: evaluating distortion in graphical authentication schemes , 2011, CHI.

[36]  Lorrie Faith Cranor,et al.  Security and Usability: Designing Secure Systems that People Can Use , 2005 .

[37]  Ying Zhu,et al.  Graphical passwords: a survey , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[38]  Borka Jerman-Blazic,et al.  On designing usable and secure recognition-based graphical authentication mechanisms , 2011, Interact. Comput..

[39]  Harry Hochheiser,et al.  Research Methods for Human-Computer Interaction , 2008 .

[40]  Wm. Arthur Conklin,et al.  Password-based authentication: a system perspective , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[41]  P. Vernon,et al.  The distinctiveness of field independence. , 1972, Journal of personality.

[42]  Jonathan Lazar,et al.  A usability evaluation of workplace-related tasks on a multi-touch tablet computer by adults with Down syndrome , 2012 .

[43]  Yao Ma,et al.  Evaluating Usability of Three Authentication Methods in Web-Based Application , 2011, 2011 Ninth International Conference on Software Engineering Research, Management and Applications.

[44]  David P. Jablon Strong password-only authenticated key exchange , 1996, CCRV.

[45]  Tanja Popovic,et al.  Improved national prevalence estimates for 18 selected major birth defects--United States, 1999-2001. , 2006, MMWR. Morbidity and mortality weekly report.

[46]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[47]  Laurence Urdang,et al.  Idioms and Phrases Index , 1985 .

[48]  Dante Cicchetti,et al.  Children with Down Syndrome: A Developmental Perspective , 1990 .

[49]  Luis von Ahn,et al.  Human computation , 2009, 2009 46th ACM/IEEE Design Automation Conference.

[50]  Yao Ma,et al.  Investigating authentication methods used by individuals with down syndrome , 2012, ASSETS '12.

[51]  Ravi Kuber,et al.  Toward tactile authentication for blind users , 2010, ASSETS '10.

[52]  P. Vernon,et al.  The distinctive ness of field independence , 1972 .

[53]  Antonella De Angeli,et al.  VIP: a visual approach to user authentication , 2002, AVI '02.

[54]  Andrew Sears,et al.  Representing users in accessibility research , 2012, TACC.

[55]  Nicolas Christin,et al.  Use Your Illusion: secure authentication usable anywhere , 2008, SOUPS '08.