Abstract
Knowledge-based authentication is the oldest and most widely used form of authentication, but it is still problematic. We present a model of the effects of usage cost variables (e.g., code length, required motion precisions) on authentication performance (time for authentication, error rate) and on the decision to use authentication. We tested model predictions in two experiments in which participants played an investment game and had to use authentication to change their investment. We manipulated the authentication method (personal identification number vs. graphical password), the required precision for authentication, the code length, and time pressure. The variables affected authentication decisions and performance, but the effects were not the same. Also, when the graphical password required greater response precision, performance and subjective ratings decreased dramatically, much more than predicted by combining the effects of the variables independently. These results point to a number of issues that must be considered when designing authentication procedures.
| Original language | American English |
|---|---|
| Pages (from-to) | 130-148 |
| Number of pages | 19 |
| Journal | Journal of Cognitive Engineering and Decision Making |
| Volume | 9 |
| Issue number | 2 |
| State | Published - 4 Jun 2015 |
Keywords
- PIN
- authentication
- cybersecurity
- decision making
- graphical password
- mobile security
- security model
- usable security
All Science Journal Classification (ASJC) codes
- Human Factors and Ergonomics
- Engineering (miscellaneous)
- Applied Psychology
- Computer Science Applications