An ecologically valid evaluation of an observation-resilient graphical authentication mechanism

Maguire, Joseph Noel (2013) An ecologically valid evaluation of an observation-resilient graphical authentication mechanism. PhD thesis, University of Glasgow.

Full text available as:
[thumbnail of 2013.MaguirePhD.pdf] PDF
Download (6MB)
Printed Thesis Information:


Alphanumeric authentication, by means of a secret, is not only a powerful mechanism, in theory, but prevails over all its competitors in reality. Passwords, as they are more commonly known, have the potential to act as a fairly strong gateway. In practice, though, password usage is problematic. They are (1) easily shared, (2) trivial to observe and (3) maddeningly elusive when forgotten. Moreover, modern consumer devices only exacerbate the problems of passwords as users enter them in shared spaces, in plain view, on television screens, on smartphones and on tablets. Asterisks may obfuscate alphanumeric characters on entry but popular systems, e.g. Apple iPhone and Nintendo Wii, require the use of an on-screen keyboard for character input. A number of alternatives to passwords have been proposed but none, as yet, have been adopted widely. There seems to be a reluctance to switch from tried and tested passwords to novel alternatives, even if the most glaring flaws of passwords can be mitigated. One argument is that there has not been sufficient investigation into the feasibility of the password alternatives and thus no convincing evidence that they can indeed act as a viable alternative. Graphical authentication mechanisms, solutions that rely on images rather than characters, are a case in point. Pictures are more memorable than the words that name them, meaning that graphical authentication mitigates one of the major problems with passwords. This dissertation sets out to investigate the feasibility of one particular observation-resilient graphical authentication mechanism called Tetrad. The authentication mechanism attempted to address two of the core problems with passwords: improved memorability and resistance to observability (with on-screen entry). Tetrad was tested in a controlled lab study, that delivered promising results and was well received by the evaluators. It was then deployed in a realistic context and its viability tested in three separate field tests. The unfortunate conclusion was that Tetrad, while novel and viable in a lab setting, failed to deliver a usable and acceptable experience to the end users. This thorough testing of an alternative authentication mechanism is unusual in this research field and the outcome is disappointing. Nevertheless, it acts to inform inventors of other authentication mechanisms of the problems that can manifest when a seemingly viable authentication mechanism is tested in the wild.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Keywords: authentication, context, shared space, secluded space, graphical authentication mechanism.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Colleges/Schools: College of Science and Engineering > School of Computing Science
Supervisor's Name: Renaud, Dr. Karen
Date of Award: 2013
Embargo Date: 6 November 2016
Depositing User: Mrs Marie Cairney
Unique ID: glathesis:2013-4708
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 06 Nov 2013 13:30
Last Modified: 17 Apr 2019 10:34

Actions (login required)

View Item View Item


Downloads per month over past year