Improving Children's Authentication Practices with Respect to Graphical Authentication Mechanism

A variety of authentication mechanisms are used for online applications to protect user’s data. Prior literature identifies that adults and children often utilize weak authentication practices and our own initial research corroborates that children often create weak usernames and passwords. One reason children adopt weak authentication practices is due to difficulties in remembering their usernames and passwords. Existing literature suggests that people are better at remembering graphical information than text and words. In this dissertation, my research goal is to improve the usability and security of children’s authentication mechanisms. My research includes designing, developing, and evaluating a new graphical user authentication mechanism for children where children choose a sequence of pictures as their password. In our studies, this mechanism, named KidsPic, allowed children (ages 6-11) to create and remember their passwords better than an alphanumeric password. Usability studies identified areas needing further investigation with regards to usability and security. With regards to usability: we investigated whether resolution influences picture selection, the influence of category order on memorability, if the number of objects in a picture influences its selection, and if picture features like dominant colors influences picture selection. With regards to security: we designed and implemented mechanisms to mitigate brute-force and shoulder surfing attacks. For guessing attacks, we conducted a usability study with child dyads. The results and analysis from these additional usability research objectives revealed no influence of picture resolution, order of picture categories, number of objects in each picture, and dominant colors on children choosing pictures for their password. The security research objectives resulted in design enhancements of KidsPic that mitigate bruteforce, shoulder surfing, and guessing attacks.