Investigating User Authentication in the Context of Older Adults

Knowledge-based authentication is almost ubiquitous due to low cost and relatively straightforward implementation. Despite its popularity, there are some well-known problems associated with knowledge-based authentication, such as the cognitive load of memorising multiple codes. As people age and their memory declines, remembering multiple codes is even more challenging. Due to lack of objective evidence regarding the performance of older adults with existing knowledge-based systems, a study was carried out where younger and older participants were required to learn and remember multiple PIN codes and their performance was evaluated over a three-week period. The results from this PIN study demonstrated a clear age effect where younger participants performed significantly more accurately and faster than the older participants. These results reiterated the need for authentication systems that are inclusive of older users and provided a benchmark performance measure for future evaluations. In the next phase four graphical authentication systems (GAS) were evaluated with younger and older adults using the same methodology as the PIN study to determine whether any of them were an improvement. The first system, Tiles, was based on a single image and participants were required to recognise segments of their image from segments taken from other images and yielded disappointing results where overall performance was not an improvement over that of PINs. The second and third systems tested were picture-based and face-based recognition systems. The performance of older participants was promising, especially with the face-based system but the systems could be improved to be more suitable for older users. In the final study, the face-based system was improved by using old faces and ensuring that no two codes shared a face. The results from the final face-based system provide preliminary evidence that a graphical authentication system that is inclusive of older adults may be achievable if designed correctly.

[1]  M. Angela Sasse,et al.  Are Passfaces More Usable Than Passwords? A Field Trial Investigation , 2000, BCS HCI.

[2]  Nasir D. Memon,et al.  Modeling user choice in the PassPoints graphical password scheme , 2007, SOUPS '07.

[3]  J. Bartlett,et al.  Young and old faces in young and old heads: the factor of age in face recognition. , 1991, Psychology and aging.

[4]  Lynn Hasher,et al.  Working Memory, Comprehension, and Aging: A Review and a New View , 1988 .

[5]  Gavriel Salvendy,et al.  Improving computer security for authentication of users: Influence of proactive password restrictions , 2002, Behavior research methods, instruments, & computers : a journal of the Psychonomic Society, Inc.

[6]  Bruce Schneier,et al.  The psychology of security , 2007, CACM.

[7]  Cheryl L Grady,et al.  Changes in memory processing with age , 2000, Current Opinion in Neurobiology.

[8]  Richard M. Shiffrin,et al.  UvA-DARE ( Digital Academic Repository ) Models for recall and recognition , 2006 .

[9]  Patrick Olivier,et al.  A security assessment of tiles: a new portfolio-based graphical authentication system , 2012, CHI EA '12.

[10]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[11]  H Intraub,et al.  Levels of processing and picture memory: the physical superiority effect. , 1985, Journal of experimental psychology. Learning, memory, and cognition.

[12]  R. Morrell,et al.  Effects of contextual integration on recall of pictures by older adults. , 1990, Journal of gerontology.

[13]  Nicola Brace,et al.  The psychology of human face recognition , 2000 .

[14]  Endel Tulving,et al.  Encoding specificity and retrieval processes in episodic memory. , 1973 .

[15]  Max Planck,et al.  Age of face matters: Age-group differences in ratings of young and old faces , 2008 .

[16]  Steve Stewart-Williams,et al.  Face recognition and aging: Effects of target age and memory load , 2005, Memory & cognition.

[17]  Josep Blat,et al.  About the relevance of accessibility barriers in the everyday interactions of older people with the web , 2009, W4A.

[18]  J. Bartlett,et al.  Age differences in accuracy and choosing in eyewitness identification and face recognition , 1999, Memory & cognition.

[19]  Arjun Jaiswal,et al.  Graphical Password Authentication using Cued Click Points , 2014 .

[20]  D. Park,et al.  Memory for pictures: does an age-related decline exist? , 1986, Psychology and aging.

[21]  Ross J. Anderson,et al.  A Birthday Present Every Eleven Wallets? The Security of Customer-Chosen Banking PINs , 2012, Financial Cryptography.

[22]  Edward W. Felten,et al.  Password management strategies for online accounts , 2006, SOUPS '06.

[23]  Helmut Schneider,et al.  The domino effect of password reuse , 2004, CACM.

[24]  Mark Blythe,et al.  Eighty something: banking for the older old , 2011, BCS HCI.

[25]  Cormac Herley,et al.  A large-scale study of web password habits , 2007, WWW '07.

[26]  A. Young,et al.  Understanding face recognition. , 1986, British journal of psychology.

[27]  Wendy Moncur,et al.  Pictures at the ATM: exploring the usability of multiple graphical passwords , 2007, CHI.

[28]  Eugene Borgida,et al.  The Differential Impact of Abstract vs. Concrete Information on Decisions , 1977 .

[29]  J. Brigham,et al.  Cross-racial Recognition and Age: When You're Over 60, Do They Still "All Look Alike?" , 1979 .

[30]  L. Bäckman,et al.  Recognition memory across the adult life span: The role of prior knowledge , 1991, Memory & cognition.

[31]  P. V. Oorschot,et al.  Multiple Password Interference in Text and Click-Based Graphical Passwords , 2008 .

[32]  Sacha Brostoff,et al.  “Ten strikes and you're out”: Increasing the number of login attempts can improve password usability , 2003 .

[33]  K. Ng,et al.  Ageing effect on face recognition , 2007 .

[34]  Endel Tulving,et al.  Continuity between recall and recognition. , 1973 .

[35]  R. Knight,et al.  Age-related top-down suppression deficit in the early stages of cortical visual memory processing , 2008, Proceedings of the National Academy of Sciences.

[36]  Joshua Cook,et al.  Improving password security and memorability to protect personal and organizational information , 2007, Int. J. Hum. Comput. Stud..

[37]  Graham J Hole,et al.  Evidence for a contact-based explanation of the own-age bias in face recognition , 2009, Psychonomic bulletin & review.

[38]  Leslie G. Ungerleider,et al.  Age-related reductions in human recognition memory due to impaired encoding. , 1995, Science.

[39]  L. Goossens,et al.  Facts and fiction about memory aging: a quantitative integration of research findings. , 1993, Journal of gerontology.

[40]  Marcia K. Johnson,et al.  Feature memory and binding in young and older adults , 1996, Memory & cognition.

[41]  Patrick Olivier,et al.  Securing passfaces for description , 2008, SOUPS '08.

[42]  V. Bruce Changing faces: visual and non-visual coding processes in face recognition. , 1982, British journal of psychology.

[43]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[44]  J. Bartlett,et al.  Familiarity and recognition of faces in old age , 1991, Memory & cognition.

[45]  A. Treisman,et al.  Binding in short-term visual memory. , 2002, Journal of experimental psychology. General.

[46]  A. D. Fisk,et al.  Age-related differences in movement control: adjusting submovement structure to optimize performance. , 1997, The journals of gerontology. Series B, Psychological sciences and social sciences.

[47]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[48]  D. Schacter,et al.  Gist-Based False Recognition of Pictures in Older and Younger Adults , 1997 .

[49]  Paul Dourish,et al.  Security in the wild: user strategies for managing security as an everyday, practical problem , 2004, Personal and Ubiquitous Computing.

[50]  Jason I. Hong,et al.  A diary study of password usage in daily life , 2011, CHI.

[51]  Larry Holt Increasing real-world security of user IDs and passwords , 2011, InfoSecCD.

[52]  T Valentine,et al.  The effect of race, inversion and encoding activity upon face recognition. , 1986, Acta psychologica.

[53]  Tadayoshi Kohno,et al.  A comprehensive study of frequency, interference, and training of multiple graphical passwords , 2009, CHI.

[54]  L. Standing Learning 10000 pictures , 1973 .

[55]  H. Kay Learning of a Serial Task by Different Age Groups , 1951 .

[56]  F. Sartucci,et al.  Sex differences in face gender recognition in humans , 2004, Brain Research Bulletin.

[57]  Ying Zhu,et al.  Graphical passwords: a survey , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[58]  M. Naveh-Benjamin,et al.  The associative memory deficit of older adults: the role of strategy utilization. , 2007, Psychology and aging.

[59]  Arthur D. Fisk,et al.  Toward an understanding of age-related memory and visual search effects. , 1991 .

[60]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[61]  Paul C. van Oorschot,et al.  Passwords: If We're So Smart, Why Are We Still Using Them? , 2009, Financial Cryptography.

[62]  Benjamin B. M. Shao,et al.  The usability of passphrases for authentication: An empirical field study , 2007, Int. J. Hum. Comput. Stud..

[63]  K. Cherry,et al.  Age differences in memory for concrete and abstract pictures. , 1990, Journal of gerontology.

[64]  V. Bruce,et al.  Face Recognition in Poor-Quality Video: Evidence From Security Surveillance , 1999 .

[65]  B. G. Rule,et al.  Adult age differences in working memory. , 1989, Psychology and aging.

[66]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[67]  Agneta Herlitz,et al.  Women's own-gender bias in face recognition memory. , 2011, Experimental psychology.

[68]  R. Nickerson,et al.  SHORT-TERM MEMORY FOR COMPLEX MEANINGFUL VISUAL CONFIGURATIONS: A DEMONSTRATION OF CAPACITY. , 1965, Canadian journal of psychology.

[69]  Karen Renaud,et al.  Guidelines for designing graphical authentication mechanism interfaces , 2009, Int. J. Inf. Comput. Secur..

[70]  Lujo Bauer,et al.  Of passwords and people: measuring the effect of password-composition policies , 2011, CHI.

[71]  R. Haber,et al.  Perception and memory for pictures: Single-trial learning of 2500 visual stimuli , 1970 .

[72]  Bruno Rossion,et al.  Holistic Processing Is Finely Tuned for Faces of One's Own Race , 2006, Psychological science.

[73]  David B. Mitchell,et al.  Semantic activation and episodic memory: age similarities and differences , 1986 .

[74]  D. Levin Race as a visual feature: using visual search and perceptual discrimination tasks to understand face categories and the cross-race recognition deficit. , 2000, Journal of experimental psychology. General.

[75]  Mervyn A. Jack,et al.  User perceptions of security, convenience and usability for ebanking authentication tokens , 2009, Comput. Secur..

[76]  J. Vousden,et al.  Adult age differences in short-term memory for serial order: data and a model. , 1999, Psychology and aging.

[77]  V. Bruce,et al.  Matching identities of familiar and unfamiliar faces caught on CCTV images. , 2001, Journal of experimental psychology. Applied.

[78]  Matthew G. Rhodes,et al.  An own-age bias in face recognition for children and older adults , 2005, Psychonomic bulletin & review.

[79]  H D Ellis,et al.  The effect of attractiveness on recognition memory for faces. , 1973, The American journal of psychology.

[80]  F. Rudmin,et al.  The coming PIN code epidemic: A survey study of memory of numeric security codes , 2010 .

[81]  J. Brigham,et al.  Thirty years of investigating the own-race bias in memory for faces: A meta-analytic review , 2001 .

[82]  Alain Forget,et al.  Influencing users towards better passwords: persuasive cued click-points , 2008 .

[83]  T. Salthouse,et al.  Temporal memory over the adult lifespan. , 1988, The American journal of psychology.

[84]  Lars Bäckman,et al.  Forgetting Numbers in Old Age: Strategy and Learning Speed Matter , 2005, Gerontology.

[85]  Lars Bäckman,et al.  Rate of acquisition, adult age, and basic cognitive abilities predict forgetting: new views on a classic problem. , 2006, Journal of experimental psychology. General.

[86]  Karen Renaud A Visuo-Biometric Authentication Mechanism for Older Users , 2005, BCS HCI.

[87]  N. J. Slamecka,et al.  The Generation Effect: Delineation of a Phenomenon , 1978 .

[88]  Mike Just,et al.  Personal choice and challenge questions: a security and usability assessment , 2009, SOUPS.

[89]  S. Harnad Psychophysical and cognitive aspects of categorical perception: A critical overview , 1987 .

[90]  M. Naveh-Benjamin,et al.  Adult age differences in episodic memory: further support for an associative-deficit hypothesis. , 2003, Journal of experimental psychology. Learning, memory, and cognition.

[91]  D C Park,et al.  Forgetting of pictures over a long retention interval in young and older adults. , 1988, Psychology and aging.

[92]  Susan Wiedenbeck,et al.  Design and evaluation of a shoulder-surfing resistant graphical password scheme , 2006, AVI '06.

[93]  D. Park,et al.  Memory for pictures, words, and spatial location in older adults: evidence for pictorial superiority. , 1983, Journal of gerontology.

[94]  Lorrie Faith Cranor,et al.  Human selection of mnemonic phrase-based passwords , 2006, SOUPS '06.

[95]  J. Yan,et al.  Password memorability and security: empirical results , 2004, IEEE Security & Privacy Magazine.

[96]  M. Naveh-Benjamin Adult age differences in memory performance: tests of an associative deficit hypothesis. , 2000, Journal of experimental psychology. Learning, memory, and cognition.

[97]  Jeff Yan,et al.  Do background images improve "draw a secret" graphical passwords? , 2007, CCS '07.

[98]  R. Shepard Recognition memory for words, sentences, and pictures , 1967 .

[99]  Peter E Morris,et al.  Attractiveness, distinctiveness, and recognition of faces: attractive faces can be typical or distinctive but are not better recognized. , 2003, The American journal of psychology.

[100]  V. S. Reed,et al.  Pictorial superiority effect. , 1976, Journal of experimental psychology. Human learning and memory.

[101]  Mike Just,et al.  Designing and evaluating challenge-question systems , 2004, IEEE Security & Privacy Magazine.

[102]  F. Craik,et al.  Age differences in recall and recognition , 1987 .

[103]  Sudhir Aggarwal,et al.  Testing metrics for password creation policies by attacking large sets of revealed passwords , 2010, CCS '10.

[104]  Alan J. Parkin Memory: Phenomena, Experiment and Theory , 1993 .

[105]  Thomas S. Tullis,et al.  Can users remember their pictorial passwords six years later , 2011, CHI EA '11.

[106]  A. Baddeley Human Memory: Theory and Practice, Revised Edition , 1990 .

[107]  Thomas R. Alley,et al.  Attractiveness and the memorability of faces : Only a matter of distinctiveness? , 1997 .

[108]  Marcia K. Johnson,et al.  fMRI evidence of age-related hippocampal dysfunction in feature binding in working memory. , 2000, Brain research. Cognitive brain research.

[109]  Barbara S. Chaparro,et al.  Evaluating websites for older adults: adherence to ‘senior-friendly’ guidelines and end-user performance , 2008, Behav. Inf. Technol..

[110]  Amy D. Rose,et al.  Handbook of Adult and Continuing Education , 2000 .

[111]  Hilary Johnson,et al.  Using and managing multiple passwords: A week to a view , 2011, Interact. Comput..

[112]  Eugene Winograd,et al.  Adult Age Differences in Remembering Faces. , 1978 .

[113]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[114]  John M. Gardiner,et al.  An appreciation of generate-recognize theory of recall , 1979 .

[115]  S. Schweinberger,et al.  The age of the beholder: ERP evidence of an own-age bias in face memory , 2008, Neuropsychologia.

[116]  Julie Thorpe,et al.  Purely Automated Attacks on PassPoints-Style Graphical Passwords , 2010, IEEE Transactions on Information Forensics and Security.

[117]  Antonella De Angeli,et al.  VIP: a visual approach to user authentication , 2002, AVI '02.

[118]  William E Hockley,et al.  The picture superiority effect in associative recognition , 2008, Memory & cognition.

[119]  V. Bruce,et al.  Recognition of unfamiliar faces , 2000, Trends in Cognitive Sciences.

[120]  Denise C Park,et al.  Theoretical models of cognitive aging and implications for translational research in medicine. , 2003, The Gerontologist.

[121]  Arthur D. Fisk,et al.  Designing for Older Adults: Principles and Creative Human Factors Approaches , 2004 .

[122]  M. Angela Sasse,et al.  The true cost of unusable password policies: password use in the wild , 2010, CHI.

[123]  L Sjöberg,et al.  Information Technology Risks as Seen by the Public , 2001, Risk analysis : an official publication of the Society for Risk Analysis.

[124]  M. Angela Sasse,et al.  Evaluating the usability and security of a graphical one-time PIN system , 2010, BCS HCI.

[125]  Matthew G. Rhodes,et al.  The own-age bias in face recognition: a meta-analytic and theoretical review. , 2012, Psychological bulletin.

[126]  Patrick Olivier,et al.  On automated image choice for secure and usable graphical passwords , 2012, ACSAC '12.

[127]  Nasir D. Memon,et al.  Authentication using graphical passwords: effects of tolerance and image choice , 2005, SOUPS '05.

[128]  M. Naveh-Benjamin,et al.  Differential effects of age on item and associative measures of memory: a meta-analysis. , 2008, Psychology and aging.

[129]  Benjamin B. M. Shao,et al.  A Behavioral Analysis of Passphrase Design and Effectiveness , 2009, J. Assoc. Inf. Syst..

[130]  M. Van der Linden,et al.  The Effects of Aging on the Recognition of Different Types of Associations , 2005, Experimental aging research.

[131]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[132]  T. Salthouse Mediation of Adult Age Differences in Cognition by Reductions in Working Memory and Speed of Processing , 1991 .

[133]  Alexander De Luca,et al.  PassShapes: utilizing stroke based authentication to increase password memorability , 2008, NordiCHI.

[134]  E Winograd,et al.  Aging and the picture superiority effect in recall. , 1982, Journal of gerontology.

[135]  David J. Madden,et al.  Aging and distraction by highly familiar stimuli during visual search. , 1983 .

[136]  S. L. Sporer,et al.  Deep--deeper--deepest? Encoding strategies and the recognition of human faces. , 1991, Journal of experimental psychology. Learning, memory, and cognition.

[137]  H. Roediger,et al.  Altering retrieval demands reverses the picture superiority effect , 1987, Memory & cognition.

[138]  James W Tanaka,et al.  An Encoding Advantage for Own-Race versus Other-Race Faces , 2003, Perception.

[139]  V. Bruce,et al.  What's Distinctive about a Distinctive Face? , 1994, The Quarterly journal of experimental psychology. A, Human experimental psychology.

[140]  D. Schonfield,et al.  Memory storage and aging. , 1966, Canadian journal of psychology.

[141]  Natalie C. Ebner,et al.  FACES—A database of facial expressions in young, middle-aged, and older women and men: Development and validation , 2010, Behavior research methods.