Instead of viewing users as the inevitable weak point in the authentication process, we propose that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that we understand how interactions with authentication interfaces can be improved and what human capabilities can be exploited. This work has resulted in working graphical authentication prototypes (Cain & Still, 2017; Tiller, Angelini, Leibner, & Still, 2019) and associated provisional patents. To begin bridging the gap between research and practice, we have consolidated the recognized usability issues into a list of authentication design guidelines (Still, Cain, & Schuster, 2017). In addition, we have started to explore the over-the-shoulder attack vector, a recognized weakness of next-gen graphical authentication, from a behavioral perspective (e.g., Cain, Werner, & Still, 2017; Cain, Chiu, Santiago, & Still, 2016). Recently, we have started exploring the impact authentication schemes have on our limited working memory resources (Still & Cain, 2019).
Image taken from Cain and Still (2017). The Rapid Serial Visual Presentation (RSVP) authentication scheme presents users with a stream of rapid, degraded images. RSVP is easy for end users but difficult for casual over-the-shoulder attackers. Pane A shows the passcode objects and Pane B shows them degraded.