Web authentication using Mikon images

Renaud, K. (2009) Web authentication using Mikon images. In: 2009 World Congress on Privacy, Security, Trust and the Management of e-Business, Saint John, NB, Canada, 25-27 Aug 2009, pp. 79-88.

Full text not currently available from Enlighten.

Publisher's URL: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=5341710&contentType=Conference+Publications&sortType%3Dasc_p_Sequence%26filter%3DAND%28p_IS_Number%3A5341679%29

Abstract

Authentication is mostly achieved by means of the ubiquitous password. This is sub optimal in some settings, such as for user groups with cognitive or language difficulties. Many Web-based systems have user groups with widely ranging capabilities, and more innovative authentication mechanisms should be investigated to enhance usability and accessibility while still delivering the required level of security to authorise legitimate users. This paper presents details of an authentication system which relies on the user identifying previously drawn Mikons. Mikons are self-drawn icon-like images, meant to depict a message the artist wants to convey at that point in time. These are drawn, at enrolment, using an embedded shock wave component within a browser. At authentication the user identifies his or her own Mikons from challenge sets, each containing one of the user's Mikon and a number of distractor Mikons. The efficacy of Mikons in this setting was investigated by using them in a recognition-based authentication system to authorise users of an online homework system over an eight month period. The Mikon-based system performed very well in terms of memorability and scalability, as anticipated, thus achieving the level of accessibility hoped for. A measure of predictability was observed, with a few of the participants being able to link sets of Mikons to their creators, but this did not pose a security risk to the system. This study shows that Mikon authentication has the potential to be a viable alternative to passwords for systems where the security requirement is secondary to other, more important, considerations. Such systems are usually low-risk and are often used by users with developmental, language or cognitive difficulties, or by users who are not yet literate. The imposition of a password on such users can be overly stringent and excessively demanding in terms of scarce cognitive resources. In this context, therefore, Mikons area viable alternative to meet the needs of the target user group.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Renaud, Professor Karen
Authors: Renaud, K.
College/School:College of Science and Engineering > School of Computing Science

University Staff: Request a correction | Enlighten Editors: Update this record