Principles for designing authentication mechanisms for young children : lessons learned from KidzPass

Renaud, Karen and Volkamer, Melanie and Mayer, Peter and Grimm, Rüdiger (2021) Principles for designing authentication mechanisms for young children : lessons learned from KidzPass. AIS Transactions on Human Computer Interaction, 13 (4). 2. ISSN 1944-3900 (https://doi.org/10.17705/1thci.00155)

Accepted Author Manuscript

Abstract

Young children routinely authenticate themselves with alphanumeric passwords, but are probably not ready to use them, due to their emerging literacy and immaturity. They might adopt insecure coping tactics, which are likely to become entrenched. Because children have a superior pictorial recognition ability, graphical authentication mechanisms are likely to be more suitable mechanisms for this demographic. We propose and study KidzPass, a configurable graphical authentication framework, which can be used to tailor these mechanisms for children of different ages. We carried out two empirical investigations with children aged 4-5 and 6-7 using personalised images as secrets (familiar faces and self-drawn doodles). KidzPass proved efficacious and our young participants (ages 4-7) mostly preferred it to text passwords. The personalised images maximise memorability, but are time intensive to obtain. As children mature, it might be possible to replace these with generic images. We thus carried out a final empirical study with older children using generic images (chosen by the researcher). The third study indicated that generic images can indeed be viable if they display particular qualities, which we enumerate. From our experiences and the research literature, we conclude by providing principles to inform the design and evaluation of age-appropriate authentication mechanisms for young children, both from an ethical and technical perspective.