Candidate: Dhanush Kumar Ratakonda – Computer Science Emphasis
Title: Improving Children’s Authentication Practices with Respect to Graphical Authentication Mechanism
Program: Doctor of Philosophy in Computing
Advisor: Dr. Jerry Alan Fails, Computer Science
Committee Members: Dr. Maria Soledad Pera, Computer Science, and Dr. Hoda Mehrpouyan, Computer Science
Zoom Link: Dhanush’s Zoom Meeting
A variety of authentication mechanisms are used for online applications to protect user’s data. Prior literature identifies that adults and children often utilize weak authentication practices and our own initial research corroborates that children often create weak usernames and passwords. One reason children adopt weak authentication practices is due to difficulties in remembering their usernames and passwords. Existing literature suggests that people are better at remembering graphical information than text and words. In this work, I present research to improve the memorability and security of children’s authentication mechanisms by designing, developing, and evaluating a new graphical user authentication mechanism for children where children choose a sequence of pictures as their password. This mechanism, named KidsPic, was designed with the goal of making it easier to remember for children and matching the theoretical password space of traditional alphanumeric authentication mechanisms. I have led formative studies with children ages 6-11, where we designed and evaluated KidsPic with children. The formative studies showed that children could remember their created KidsPic password better than an alphanumeric password. These results led us to a larger usability study.
The results from the initial usability studies helped identify additional research objectives that helped us further improve the usability and security of sequential pictorial passwords such as KidsPic. With regards to usability: we investigated whether resolution influences picture selection, the influence of category order on memorability, if the number of objects in a picture influences its selection, and if picture features like dominant colors influences picture selection. With regards to security: we designed and implemented mechanisms to mitigate brute-force and shoulder surfing attacks. For guessing attacks, we conducted a usability study with child dyads. The results and analysis from the usability research objectives revealed no influence of picture resolution, order of picture categories, number of objects in each picture, and dominant colors on children choosing pictures for their password. The security research objectives resulted in design enhancements of KidsPic that mitigate brute-force, shoulder surfing, and guessing attacks.