Web Authentication Using Mikon Images
Date: August 25 2009
Publication: Proceedings of the 2009 World Congress on Privacy, Security, Trust and the Management of e-Business (CONGRESS '09)
Page(s): 79 - 88
Source 1: https://doi.org/10.1109/CONGRESS.2009.10 - Subscription or payment required
Abstract or Summary:
Authentication is mostly achieved by means of the ubiquitous password. This is sub optimal in some settings, such as for user groups with cognitive or language difficulties. Many Web-based systems have user groups with widely ranging capabilities, and more innovative authentication mechanisms should be investigated to enhance usability and accessibility while still delivering the required level of security to authorise legitimate users. This paper presents details of an authentication system which relies on the user identifying previously drawn Mikons. Mikons are self-drawn icon-like images, meant to depict a message the artist wants to convey at that point in time. These are drawn, at enrolment, using an embedded shock wave component within a browser. At authentication the user identifies his or her own Mikons from challenge sets, each containing one of the user's Mikon and a number of distractor Mikons. The efficacy of Mikons in this setting was investigated by using them in a recognition-based authentication system to authorise users of an online homework system over an eight month period. The Mikon-based system performed very well in terms of memorability and scalability, as anticipated, thus achieving the level of accessibility hoped for. A measure of predictability was observed, with a few of the participants being able to link sets of Mikons to their creators, but this did not pose a security risk to the system. This study shows that Mikon authentication has the potential to be a viable alternative to passwords for systems where the security requirement is secondary to other, more important, considerations. Such systems are usually low-risk and are often used by users with developmental, language or cognitive difficulties, or by users who are not yet literate. The imposition of a password on such users can be overly stringent and excessively demanding in terms of scarce cognitive resources. In this context, therefore, Mikons area viable alternative to meet the needs of the target user group.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.