Guidelines are based on scientific sources.
| Name | Designing Graphical Authentication Mechanism Interfaces |
| Sources | (K. V. Renaud, 2009) |
| Synonyms | None |
| Context | Graphical authentication mechanisms for user-interfaces |
| Item 1 | Target Pictures “Assign at least 4 secret pictures, stage a challenge set for each on separate pages and make use of decoy pages.” |
| Item 2 | Challenge set size “There is no definitive research into optimal challenge set size, but PassDoodle (K. Renaud, 2009) and Portfolio (De Angeli et al., 2002)] have successfully used 16 pictures per challenge set, which can safely be used as the upper limit in the absence of research into the optimal size. It should be borne in mind that the larger the challenge set, the more time the user is likely to take to identify the target. Once again security (requiring a large number of distractors) and the need to allow a user to authenticate efficiently, war with each other.” |
| Item 3 | Picture Size “Choose the largest possible picture size so that the entire challenge set is viewable without scrolling. This is somewhat constrained by the storage space required to store all the authentication pictures: the larger the picture the more space it consumes. It is also constrained by the need to display the entire challenge set without requiring left-right scrolling.” |
| Item 4 | Distractors “Fix the distractors if the environment allows refreshing but vary them if not.” |
| Item 5 | Picture Type “If the resource being protected is high risk, developers should not allow users to choose their target pictures, but if the risk is deemed to be low enough, it will enhance memorability if users can choose their own pictures. In terms of memorability, faces perform very well. If a face database is not available, a picture archive can be assembled. However, in choosing pictures for the archive, care should be taken to ensure that pictures are easily named, have high picture fidelity, can be viewed in the required size and are sufficiently small so that the storage requirements are reasonable. If possible, pictures should be semantically tagged so that the system can choose distractors that are less likely to confuse the user.” |
| Item 6 | Input Modality “Users should be allowed to type in the number of the picture or click on it, whichever they prefer, as shown in Figure 4. This allows them to adopt behaviour which protects them if they are being observed. This kind of dual input modality was provided by (Komanduri, 2007) to users in his authentication mechanism trials. He found that most users preferred to use the mouse to click on their picture. However, the provision of this facility is undoubtedly handy if a user feels that he or she is being observed. Other observability techniques can be imposed if the risk level of the system is high enough to warrant it.” |
| Item 7 | Analysability “If the mechanism is used on the Web, ensure that pages expire immediately. Also randomise picture names, and do not store in directories titled with the user identifier.” |
| Item 8 | Error Messages “Ensure that error messages do not provide information that could be helpful to an intruder.” |
| Item 9 | Replacement “Provide users with an easy and secure way to replace their secret pictures. Log all accesses and report the last successful and unsuccessful access to the users as soon as they have authenticated themselves successfully. Finally, permit users to lock their accounts should they suspect that their secret key has been compromised.” |
| Item 10 | Progress Indicators “Ensure that users being authenticated know exactly what is expected of them, and what to do to recover should they be locked out of a system. Users need to be fully aware of their progress through authentication stages. Figure 5 demonstrates two progress indicators used during authentication. The user knows that once authentication has completed, a feedback stage will be commenced. Furthermore, one can clearly see that the user has clicked on the first picture, that the system is currently waiting for the second choice and that two more choices are required.” [Principle] Revocability [Principle] Understandability |
| Item 11 | Don’t use only audio “if feedback needs to be provided, it can be provided by means of an audible noise, but it must be augmented visually, so that deaf users are not excluded.” |
| Item 12 | Ensure that it is clear which screen item has focus “this means that it should be absolutely clear what is required of the user at each stage of the authentication process. Developers should provide clear instructions eg. “Click on your picture”.” [Principle] Understandability |
| Item 13 | Don’t hardcode timeouts “some systems time authentication attempts to detect spurious activity: too fast and it might be a computer, too slow and someone is trying to work out which pictures could belong to the user. If a timeout is used, it should be personalised so that it sets the timeout to that particular user’s average authenticatation time instead of using the same timeout for all users.” |
| Item 14 | Test with different monitors “This is vital for graphical authentication. The pictures need to be screened and all low contrast pictures must be filtered or removed so that different monitor settings do not render the pictures indistinguishable or difficult to identify.” |
| Examples | None |
| Related Guidelines | Graphical Passwords on Smartphones Guidelines for successful authentication Password Guidance: Simplifying Your Approach |
| Tags | Graphical Authentication, Interface, User Interface Design Guidelines |
| Log history | [01/18/2019]: Added to repository |
De Angeli, A., Coutts, M., Coventry, L., Johnson, G.I., Cameron, D., Fischer, M.H., 2002. VIP: A visual approach to user authentication, in: Proceedings of the Working Conference on Advanced Visual Interfaces, AVI ’02. ACM, New York, NY, USA, pp. 316–323. doi:10.1145/1556262.1556312
Komanduri, S., 2007. Improving password usability with visual techniques (Masters thesis). Bowling Green State University.
Renaud, K., 2009. On user involvement in production of images used in visual authentication. Journal of Visual Languages & Computing 20, 1–15. doi:https://doi.org/10.1016/j.jvlc.2008.04.001
Renaud, K.V., 2009. Guidelines for designing graphical authentication mechanism interfaces. Int. J. Inf. Comput. Secur. 3, 60–85. doi:10.1504/IJICS.2009.026621