Assessing image-based authentication techniques in a web-based environment
Emerald Group Publishing Limited
Faculty of Computing, Health and Science
School of Computer and Security Science / Security Research Centre (secAU)
The purpose of this paper is to assess the usability of two image-based authentication methods when used in the web-based environment. The evaluated approaches involve clicking secret points within a single image (click-based) and remembering a set of images in the correct sequence (choice-based). A “one-to-one” usability study was conducted in which participants had to complete three main tasks; namely authentication tasks (register, confirm and login), spot the difference activity and provide feedback. From analysing the results in terms of timing, number of attempts, user feedback, accuracy and predictability, it is found that the choice-based approach is better in terms of usability, whereas the click-based method performed better in terms of timing and is ratedmore secure against social engineering.The majority of participants are from the academic sector (students, lecturers, etc.) and had up to seven years’ IT experience. To obtain more statistically significant results, it is proposed that participants should be obtained from various sectors, having a more varied IT experience. The results suggest that in order for image-based authentication to be used in the web environment, more work is needed to increase the usability, while at the same time maintaining the security of both techniques. This paper enables a direct comparison of the usability of two alternative image-based techniques, with the studies using the same set of participants and the same set of environment settings.