Abstract
Alphanumeric passwords are still the most common form of user authentication despite well-known usability issues. These issues, including weak composition and poor memorability, have been well-established across different user groups, yet users with dyslexia have not been studied despite making up approximately 10% of the population. In this paper, we focus on understanding the user authentication experiences of people with dyslexia (PwD) in order to better understanding their attitudes towards a graphical password system that may provide a more inclusive experience. Through interactive interviews, participants were encouraged to try three different knowledge-based authentication systems (PIN, password, and graphical password) and then discuss their strategies behind code composition. We found that PwD employed potentially dangerous workarounds when composing passwords, in particular an over-reliance on pattern-based composition. We report on how PwD do not immediately see the benefits of graphical passwords, but upon experiencing the mechanism we see opportunities for more inclusive authentication.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Meyer, B.: COMB: over 3.2 Billion Email/Password Combinations Leaked. https://cybernews.com/news/largest-compilation-of-emails-and-passwords-leaked-free/
Stobert, E., Biddle, R.: The password life cycle. ACM Trans. Priv. Secur. 21, 13:1–13:32 (2018). https://doi.org/10.1145/3183341
National Cyber Security Centre: Password Guidance: Simplifying Your Approach. National Cyber Security Centre (2015)
Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The Tangled Web of Password Reuse. Presented at the NDSS (2014)
Sprenger-Charolles, L., Siegel, L.S., Jiménez, J.E., Ziegler, J.C.: Prevalence and reliability of phonological, surface, and mixed profiles in dyslexia: a review of studies conducted in languages varying in orthographic depth. Sci. Stud. Read. 15, 498–521 (2011). https://doi.org/10.1080/10888438.2010.524463
Renaud, K., Johnson, G., Ophoff, J.: Dyslexia and password usage: accessibility in authentication design. In: Clarke, N., Furnell, S. (eds.) HAISA 2021. IAICT, vol. 593, pp. 259–268. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57404-8_20
Kanniainen, L., Kiili, C., Tolvanen, A., Aro, M., Leppänen, P.H.T.: Literacy skills and online research and comprehension: struggling readers face difficulties online. Read. Writ. 32(9), 2201–2222 (2019). https://doi.org/10.1007/s11145-019-09944-9
Biddle, R., Chiasson, S., Van Oorschot, P.C.: Graphical passwords: learning from the first twelve years. ACM Comput. Surv. 44, 19:1–19:41 (2012). https://doi.org/10.1145/2333112.2333114
Snowling, M.J., Gallagher, A., Frith, U.: Family risk of dyslexia is continuous: individual differences in the precursors of reading skill. Child Dev. 74, 358–373 (2003). https://doi.org/10.1111/1467-8624.7402003
British Dyslexia Association: Dyslexia (2021). https://www.bdadyslexia.org.uk/dyslexia
Baddeley, A.D., Logie, R.H., Ellis, N.C.: Characteristics of developmental dyslexia. Cognition 29, 197–228 (1988). https://doi.org/10.1016/0010-0277(88)90024-8
Kvikne, B., Berget, G.: When Trustworthy Information Becomes Inaccessible: The Search Behaviour of Users with Dyslexia in an Online Encyclopedia. IOS Press (2018)
Andresen, A., Anmarkrud, Ø., Bråten, I.: Investigating multiple source use among students with and without dyslexia. Read. Writ. 32(5), 1149–1174 (2018). https://doi.org/10.1007/s11145-018-9904-z
Helkala, K.: Disabilities and authentication methods: usability and security. In: 2012 Seventh International Conference on Availability, Reliability and Security. pp. 327–334 (2012)
Whitty, M., Doodson, J., Creese, S., Hodges, D.: Individual differences in cyber security behaviors: an examination of who is sharing passwords. Cyberpsychol. Behav. Soc. Netw. 18, 3–7 (2014). https://doi.org/10.1089/cyber.2014.0179
Tam, L., Glassman, M., Vandenwauver, M.: The psychology of password management: a tradeoff between security and convenience. Behav. Inf. Technol. 29, 233–244 (2010). https://doi.org/10.1080/01449290903121386
Stanton, B., Theofanos, M., Spickard Prettyman, S., Furman, S.: Security fatigue. IT Prof. 18, 26–32 (2016). https://doi.org/10.1109/MITP.2016.84
Ur, B., et al.: ‘I Added “!” at the End to Make It Secure’: Observing Password Creation in the Lab. Presented at the Eleventh Symposium on Usable Privacy and Security ({SOUPS} 2015) (2015)
Wash, R., Rader, E., Berman, R., Wellmer, Z.: Understanding Password Choices: How Frequently Entered Passwords Are Re-used across Websites. Presented at the Twelfth Symposium on Usable Privacy and Security ({SOUPS} 2016) (2016)
Just, M., Aspinall, D.: Personal choice and challenge questions: a security and usability assessment. In: Proceedings of the 5th Symposium on Usable Privacy and Security, pp. 1–11. Association for Computing Machinery, New York, NY, USA (2009)
Chiasson, S., van Oorschot, P.C., Biddle, R.: Graphical password authentication using cued click points. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 359–374. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74835-9_24
Nicholson, J., Coventry, L., Briggs, P.: Age-related performance issues for PIN and face-based authentication systems. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 323–332. Association for Computing Machinery, New York, NY, USA (2013). https://doi.org/10.1145/2470654.2470701
Marne, S.T., Al-Ameen, M.N., Wright, M.: Learning System-assigned Passwords: A Preliminary Study on the People with Learning Disabilities. Presented at the Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017) (2017)
Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3, 77–101 (2006). https://doi.org/10.1191/1478088706qp063oa
Ericsson, K.A., Simon, H.A.: Verbal reports as data. Psychol. Rev. 87, 215–251 (1980). https://doi.org/10.1037/0033-295X.87.3.215
Li, Y., Wang, H., Sun, K.: Personal information in passwords and its security implications. IEEE Trans. Inf. Forensics Secur. 12, 2320–2333 (2017). https://doi.org/10.1109/TIFS.2017.2705627
Davis, F.D.: User acceptance of information technology: system characteristics, user perceptions and behavioral impacts. Int. J. Man Mach. Stud. 38, 475–487 (1993). https://doi.org/10.1006/imms.1993.1022
Shay, R., et al.: Can long passwords be secure and usable? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2927–2936. Association for Computing Machinery, New York, NY, USA (2014)
Schnotz, W.: An integrated model of text and picture comprehension. In: Mayer, R. (ed.) The Cambridge Handbook of Multimedia Learning. Cambridge University Press (2005)
NordPass: Top 200 Most Common Passwords of 2020. https://nordpass.com/most-common-passwords-list/
Thorpe, J., van Oorschot, P.C.: Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. Presented at the 16th USENIX Security Symposium (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
1 Electronic supplementary material
Below is the link to the electronic supplementary material.
Supplementary file1 (MP4 11737 kb)
Supplementary file2 (MP4 13269 kb)
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Evtimova, P., Nicholson, J. (2021). Exploring the Acceptability of Graphical Passwords for People with Dyslexia. In: Ardito, C., et al. Human-Computer Interaction – INTERACT 2021. INTERACT 2021. Lecture Notes in Computer Science(), vol 12932. Springer, Cham. https://doi.org/10.1007/978-3-030-85623-6_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-85623-6_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-85622-9
Online ISBN: 978-3-030-85623-6
eBook Packages: Computer ScienceComputer Science (R0)