Title: Guidelines for designing graphical authentication mechanism interfaces

Authors: K.V. Renaud

Addresses: Department of Computing Science, Faculty of Mathematical and Information Systems, University of Glasgow, UK

Abstract: The password era is drawing to a close. The latest technology is being released without keyboards, which makes password entry insecure and arduous. Furthermore, everyone is straining under the burden of multiple passwords and Personal Identification Numbers (PINs), and a viable knowledge-based alternative is urgently required. In the last few years a number of innovative graphical authentication mechanisms, which use pictures instead of alphanumeric strings, have been proposed. There is long-standing evidence that people remember pictures far better than they remember alphanumeric strings, so in terms of easing the memory load, pictures seem to offer a viable alternative. However, what is emerging from current research is that the design of such a graphical authentication mechanism interface can either make or break it, both in terms of security and usability. This paper will discuss various design options and make recommendations about how such systems should be designed in order to make them maximally efficacious while considering the level of risk associated with the resource being protected by the mechanism.

Keywords: graphical authentication; pictures; design options; guidelines; efficacy; information security; computer security.

DOI: 10.1504/IJICS.2009.026621

International Journal of Information and Computer Security, 2009 Vol.3 No.1, pp.60 - 85

Published online: 21 Jun 2009
