Developing and evaluating a gestural and tactile mobile interface to support user authentication

As awareness grows surrounding the importance of protecting sensitive data, stored on or accessed through a mobile device, a need has been identified to develop authentication schemes which better match the needs of users, and are more resistant to observer attacks. This paper describes the design and evaluation of H4Plock (pronounced “Hap-lock”), a novel authentication mechanism to address the situation. In order to authenticate, the user enters up to four pre-selected on-screen gestures, informed by tactile prompts. The system has been designed in such a way that the sequence of gestures will vary on each authentication attempt, reducing the capability of a shoulder surfer to recreate entry. 94.1% of participants were able to properly authenticate using H4Plock, with 73.3% successfully accessing the system after a gap of five days without rehearsal. Only 23.5% of participants were able to successfully recreate passcodes in a video-based attack scenario, where gestures were unique in design and entered at different locations around the interface

Universal design for website authentication:views and experiences of senior citizens

Using digital devices and online products and services requires users to regularly authenticate themselves. Given that the vast majority of websites use passwords to authenticate users, this study focuses on the accessibility and inclusivity of this mechanism, using Universal Design Principles as a lens. Collecting and analysing autobiographical narrative data from 50 respondents, we use a qualitative approach to explore the views and experiences of senior citizens across various phases of website authentication. Our analysis uncovers barriers and challenges, leading to several undesirable consequences, when authentication is not accessible and inclusive. Our findings also show how users, many of whom have cognitive and other age-related infirmities which are seldom accommodated in authentication design, try to cope with these issues. Our findings show how authentication may fail to align with the principles of universal design and highlight considerations in making authentication more accessible and inclusive for all users