Principles for designing authentication mechanisms for young children: lessons learned from KidzPass

Karen Renaud, Melanie Volkamer, Peter Mayer, Rüdiger Grimm

Research output: Contribution to journalArticlepeer-review

25 Downloads (Pure)

Abstract

Young children routinely authenticate themselves with alphanumeric passwords, but are probably not ready to use them, due to their emerging literacy and immaturity. They might adopt insecure coping tactics, which are likely to become entrenched. Because children have a superior pictorial recognition ability, graphical authentication mechanisms are likely to be more suitable mechanisms for this demographic.

We propose and study KidzPass, a configurable graphical authentication framework, which can be used to tailor these mechanisms for children of different ages. We carried out two empirical investigations with children aged 4-5 and 6-7 using personalised images as secrets (familiar faces and self-drawn doodles). KidzPass proved efficacious and our young participants (ages 4-7) mostly preferred it to text passwords. The personalised images maximise memorability, but are time intensive to obtain. As children mature, it might be possible to replace these with generic images. We thus carried out a final empirical study with older children using generic images (chosen by the researcher). The third study indicated that generic images can indeed be viable if they display particular qualities, which we enumerate.
From our experiences and the research literature, we conclude by providing principles to inform the design and evaluation of age-appropriate authentication mechanisms for young children, both from an ethical and technical perspective.
Original languageEnglish
Article number2
Number of pages32
JournalAIS Transactions on Human Computer Interaction
Volume13
Issue number4
DOIs
Publication statusPublished - 31 Dec 2021

Keywords

  • KidzPass
  • computing for children
  • cybersecurity
  • computer security

Fingerprint

Dive into the research topics of 'Principles for designing authentication mechanisms for young children: lessons learned from KidzPass'. Together they form a unique fingerprint.

Cite this