Purpose: To determine the effects of organised image selection on the authentication times of users in the word based model.
Parameters: Compare mean login (authentication) times of each user’s login session for four forms of organised image selection (standard spelling, ordinal spelling, fixed lettering and ordered lettering) and the random selection for the word based authentication model.
In the word based model, there are a number of ways a user can ‘organise’ how his word based password is selected and used. There are several ‘styles’ of organised image selection. A detailed explanation of the meaning and methods of organised image selection for a word based model is presented in Appendix 7B. The concept of organised image selection is introduced in the quest to improve password memorability. In this experiment, participants are asked to create several passwords on a word based authentication system, each time adopting one of the various ‘styles’ of organised image selection. The login time incurred between sessions while adopting these styles is computed and analysed for significant mean variation against randomized image selection.
5.10.1 Main Hypotheses
The experiment is aimed at understanding if significant mean variation will be established between the random selection style (condition 5 of the experiment) and any of the organised conditions (1, 2, 3 or 4). Hence, the following hypotheses are made:
H0: That the random selection (condition 5) will not incur significantly greater mean login time than any of the organised selection styles (conditions 1, 2, 3 or 4).
H1: That the random selection (condition 5) will incur significantly greater mean login time than at least one of the organised selection styles (conditions 1, 2, 3 or 4).
5.10.2 Research Participants
Fifteen computer science undergraduate students were recruited for a within users study of the five experimental conditions (selection styles). The participants were all between the ages of 22 and 35, and each has at least one email and one bank account. Each participant hence has at least one online password and one numerical PIN and is experienced in the use of passwords. All participants claimed to have used computers and the internet for at least 3 years and were thus all considerably skilled in the use of computers.
5.10.3 Experimental Design
A within users design was used for the experiment, in which fifteen participants were recruited and each participant was asked to create a password with each of the five styles of user password selection for the word based model as test conditions. The styles are:
1. Standard Spelling (see section 3.11).
2. Ordinal Spelling.
3. Fixed Lettering.
4. Ordered Lettering.
5. Random Selection.
The operational procedures and interface for each selection style remained the same, with the only difference being the format of password selection. The tasks to be performed by each of the participants on each of the password selection styles were the same.
5.10.4 Experimental Variables
The independent variables are the five password selection styles of the word based model being investigated in the experiment. The dependent variable is the registration (login) time that is captured by the system. The control variables are the grid size and number of authentication steps. No questionnaire was used in this experiment.
5.10.5 Apparatus and Materials
• An ASUS N55s laptop PC running Windows 10, with 6.00 GB RAM and a 15.6” monitor
• A prototype implementation of the word based authentication system installed on the system.
• A consent form to ensure participant’s informed consent.
*** No questionnaires are issued for this experiment.
5.10.6 Experimental Procedure
The participants were recruited by means of a recruitment form. A consent form was provided to each of the participants to sign and confirm their informed consent before the conduct of the experiments. A participant is expected to adopt one of the selection styles provided (experimental conditions) and to perform the two operations (1) create a password using one of the styles, (2) login to the system using the password he has created in (1). Each participant tests all the five experimental conditions one at a time.
These two operations are each divided into a number of tasks. However, the experiment is only interested in the login data, i.e., data collected for the 2nd (authentication) stage. The stages are:
1. The registration (password creation) stage
✓ Click on the “sign up” button
✓ Enter a chosen username in the textbox provided
✓ Select the number of authentication steps to be used in the experiment (which is 2)
✓ Select image properties for step 1 in the image properties window
2. The authentication stage
✓ Enter your chosen username in the textbox provided
✓ Click on the “continue” button
✓ Select image for step 1 in the step 1 image grid
✓ Click on the “continue” button
✓ Select image for step 2 in the step 1 image grid
✓ Click on the “continue” button
The system logs timing data for both stages. The timing data for the authentication stage is used in the analysis of the experiment and the evaluation of its findings.
5.10.7 Experimental Results for Experiment 7
A one-way analysis of variance (ANOVA) was performed on the login data generated from system logs (Appendix 7). The ANOVA results showed no statistically significant variation of means between groups for the login time [F(4, 70) = 1.589, p=0.187]. The Tukey post hoc analysis also shows no significant mean variation between any pair of the various image selection styles investigated in this experiment.
Although the post hoc analysis shows no significant mean variation between the random selection (condition 5) and any other style (conditions 1 to 4), condition 5 still has the highest mean of all the styles. This shows that, on average, it took longer for participants to log in using condition 5 than with any of the other selection styles. The variation in the mean login time between the styles is just not statistically significant.
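The one-way ANOVA reported above can be reproduced on logged login times as follows. This is an added example, not the thesis's own analysis code: the login times are constructed (the real data is in Appendix 7), the function names are assumptions, and the 75 sessions are treated as five independent groups, which is what the degrees of freedom (4, 70) correspond to. The p-value uses a finite series that holds only for an even numerator degree of freedom, as is the case here.

```python
import random

CONDITIONS = ["standard spelling", "ordinal spelling", "fixed lettering",
              "ordered lettering", "random selection"]

def constructed_sessions(seed=7, participants=15):
    """Constructed login times in seconds, one list per selection style."""
    rng = random.Random(seed)
    centres = [14.0, 14.5, 14.2, 15.0, 16.5]  # made-up means, not study data
    return {c: [round(rng.gauss(m, 4.0), 2) for _ in range(participants)]
            for c, m in zip(CONDITIONS, centres)}

def one_way_anova(groups):
    """Return (F, df_between, df_within) for a list of per-condition samples."""
    k = len(groups)
    n = sum(len(g) for g in groups)
    grand_mean = sum(sum(g) for g in groups) / n
    means = [sum(g) / len(g) for g in groups]
    # Variation of the condition means around the grand mean.
    ss_between = sum(len(g) * (m - grand_mean) ** 2
                     for g, m in zip(groups, means))
    # Variation of individual sessions around their own condition mean.
    ss_within = sum((x - m) ** 2 for g, m in zip(groups, means) for x in g)
    df_between, df_within = k - 1, n - k
    f_stat = (ss_between / df_between) / (ss_within / df_within)
    return f_stat, df_between, df_within

def f_p_value(f_stat, df1, df2):
    """Upper-tail p-value of F(df1, df2) via a finite series (even df1 only)."""
    if df1 % 2:
        raise ValueError("this closed form needs an even numerator df")
    a, b = df2 / 2.0, df1 // 2
    x = df2 / (df2 + df1 * f_stat)
    term, total = 1.0, 1.0
    for j in range(1, b):
        term *= (a + j - 1) / j * (1.0 - x)
        total += term
    return x ** a * total

if __name__ == "__main__":
    data = constructed_sessions()
    f_stat, df1, df2 = one_way_anova(list(data.values()))
    print(f"constructed data: F({df1}, {df2}) = {f_stat:.3f}, "
          f"p = {f_p_value(f_stat, df1, df2):.3f}")
    print(f"reported F(4, 70) = 1.589 -> p = {f_p_value(1.589, 4, 70):.3f}")
```

Feeding the reported statistic F(4, 70) = 1.589 into `f_p_value` gives a p-value that agrees with the reported p = 0.187.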
5.10.8 Discussion of Results for Experiment 7
In spite of the expected significant mean variation between the random selection and the other ‘organised’ selection styles, the ANOVA and the Tukey post hoc analysis both suggest the contrary. Hence the results confirm the null hypothesis that the random selection (condition 5) will not incur significantly greater mean login time than any of the organised selection styles (conditions 1, 2, 3 or 4). This is the analysis of the results available at the moment. Since condition 5 has the highest mean login time, and the difference between the mean in condition 5 and the largest mean in the ‘organised’ conditions (condition 4) is much larger than the difference between any two means among the organised conditions, the results may change with a larger participant population size. This is, however, left for future experiments.