Abstract
Young children routinely authenticate themselves with alphanumeric passwords, but are probably not ready to use them, due to their emerging literacy and immaturity. They might adopt insecure coping tactics, which are likely to become entrenched. Because children have a superior pictorial recognition ability, graphical authentication mechanisms are likely to be more suitable mechanisms for this demographic.
We propose and study KidzPass, a configurable graphical authentication framework, which can be used to tailor these mechanisms for children of different ages. We carried out two empirical investigations with children aged 4-5 and 6-7 using personalised images as secrets (familiar faces and self-drawn doodles). KidzPass proved efficacious and our young participants (ages 4-7) mostly preferred it to text passwords. The personalised images maximise memorability, but are time intensive to obtain. As children mature, it might be possible to replace these with generic images. We thus carried out a final empirical study with older children using generic images (chosen by the researcher). The third study indicated that generic images can indeed be viable if they display particular qualities, which we enumerate.
From our experiences and the research literature, we conclude by providing principles to inform the design and evaluation of age-appropriate authentication mechanisms for young children, both from an ethical and technical perspective.
We propose and study KidzPass, a configurable graphical authentication framework, which can be used to tailor these mechanisms for children of different ages. We carried out two empirical investigations with children aged 4-5 and 6-7 using personalised images as secrets (familiar faces and self-drawn doodles). KidzPass proved efficacious and our young participants (ages 4-7) mostly preferred it to text passwords. The personalised images maximise memorability, but are time intensive to obtain. As children mature, it might be possible to replace these with generic images. We thus carried out a final empirical study with older children using generic images (chosen by the researcher). The third study indicated that generic images can indeed be viable if they display particular qualities, which we enumerate.
From our experiences and the research literature, we conclude by providing principles to inform the design and evaluation of age-appropriate authentication mechanisms for young children, both from an ethical and technical perspective.
Original language | English |
---|---|
Article number | 2 |
Number of pages | 32 |
Journal | AIS Transactions on Human Computer Interaction |
Volume | 13 |
Issue number | 4 |
DOIs | |
Publication status | Published - 31 Dec 2021 |
Keywords
- KidzPass
- computing for children
- cybersecurity
- computer security