Assessing image-based authentication techniques in a web-based environment

MZ Jali, SM Furnell, PS Haskell-Dowland

Research output: Contribution to journalArticlepeer-review

Abstract

Purpose – The purpose of this paper is to assess the usability of two image-based authentication methods when used in the web-based environment. The evaluated approaches involve clicking secret points within a single image (click-based) and remembering a set of images in the correct sequence (choice-based). Design/methodology/approach – A “one-to-one” usability study was conducted in which participants had to complete three main tasks; namely authentication tasks (register, confirm and login), spot the difference activity and provide feedback. Findings – From analysing the results in terms of timing, number of attempts, user feedback, accuracy and predictability, it is found that the choice-based approach is better in terms of usability, whereas the click-based method performed better in terms of timing and is rated more secure against social engineering. Research limitations/implications – The majority of participants are from the academic sector (students, lecturers, etc.) and had up to seven years' IT experience. To obtain more statistically significant results, it is proposed that participants should be obtained from various sectors, having a more varied IT experience. Practical implications – The results suggest that in order for image-based authentication to be used in the web environment, more work is needed to increase the usability, while at the same time maintaining the security of both techniques. Originality/value – This paper enables a direct comparison of the usability of two alternative image-based techniques, with the studies using the same set of participants and the same set of environment settings.
Original languageEnglish
Pages (from-to)43-53
Number of pages0
JournalInformation Management & Computer Security
Volume18
Issue number1
Publication statusPublished - 2 Jan 2010

Fingerprint

Dive into the research topics of 'Assessing image-based authentication techniques in a web-based environment'. Together they form a unique fingerprint.

Cite this