Effects of Authentication Method and System Properties on Authentication Decisions and Performance

Abstract

Knowledge-based authentication is the oldest and most widely used form of authentication, but it is still problematic. We present a model of the effects of usage cost variables (e.g., code length, required motion precisions) on authentication performance (time for authentication, error rate) and on the decision to use authentication. We tested model predictions in two experiments in which participants played an investment game and had to use authentication to change their investment. We manipulated the authentication method (personal identification number vs. graphical password), the required precision for authentication, the code length, and time pressure. The variables affected authentication decisions and performance, but the effects were not the same. Also, when the graphical password required greater response precision, performance and subjective ratings decreased dramatically, much more than predicted by combining the effects of the variables independently. These results point to a number of issues that must be considered when designing authentication procedures.