Preliminary Results

From system logs the researcher discovered that the average login time was about 22 seconds. This was considered good enough in consideration of the results obtained from the comparative analysis of existing graphical models presented in table 7.6 in which 6 out of 8 of the systems for which the login time was reported had login times exceeding 25s. This also plausible as the participants were all new to the use of such systems. This is consolidated by the fact that 6 out of the 30 participants had chosen to use up to 4 authentication steps, while 5 of the 30 have used a grid size of 5. The researcher collected the number of steps chosen by each user as well as his chosen grid size in order to understand user preferences in relation to the selection of grid size and number of authentication steps.

5.3.3 Observations

In terms of the security of the system, all participants believed that the system was secure enough to be adopted as a password system. Two of the participants, however, suggested that the creation of more properties would make the system safer. From the usability perspective, all participants reported that they were fully comfortable in using the system and that they enjoyed using the system. No suggestion was made for any adjustments to the experimental procedures. One student, however, suggested that the addition of more colours will make the system more attractive, and hence more usable.

In all implementations of the property based system, there are four grid sizes for users to select from. The grid sizes were: 2, 3, 4 and 5. There are also four authentication steps for users to select from; these are 1, 2, 3 and 4. Since each user has four grid sizes to select from, and each user also has four authentication steps to select from, a choice had to be made as to the most suitable grid size/step combination to use in the experiments. Rather than a random selection, the researcher adopts the grid/step combination from the pilot study that is adopted and used by the highest number of participants. This combination happened to be the one with 2 steps and a grid size of 3, which was adopted by the highest population of 7 users and was thus adopted as a control variable.

5.4 Experiment 1

The aim of the experiment was to understand if significant mean variation will be recorded in the sign up (registration) times and login (authentication) times of three of the developed property based authentication models. These are: the colour based model, the pattern based model and the magnitude based model. A comparison of subjective user opinion on the performance of each of the models on various usability metrics was also performed.

5.4.1 Hypothesis

This experiment is aimed at investigating the following hypothesis in relation to the registration (sign up) time, the time to complete the first authentication step (step time 1), the time to complete the second authentication step (step time 2 ) and the total authentication time (sum of time for step 1 and step 2) performed by the participants. The hypothesis are:

1) That at least one of the authentication models will incur significantly greater mean registration time than the other models.

2) That at least one of the authentication models will incur significantly greater mean login time for step 1 than the other models.

3) That at least one of the authentication models will incur significantly greater mean login time for step 2 than the other models.

4) That the mean total authentication time will be significantly greater for one of the models than the other models presented.

5.4.2 Research Participants

Thirty three undergraduate science students participated in the research. All participants were between the ages of 22 and 35 years and each had at least one email address and one bank account, which means that each has at least one password and one PIN. All participants claimed to have used computers and the internet for a number of years and were thus experienced in the use of computers. The use of a student population also ensured that there was not much disparity in proficiency and computing expertise among members of the sample population.

5.4.3 Experimental Design

A within users design was used for the experiment in which thirty three participants were each allocated the three test conditions which were:

1. A colour based implementation of the property based scheme. 2. A pattern based implementation of the property based scheme. 3. A magnitude based implementation of the property based scheme.

The operational procedures and the interface layout of each of the prototypes is identical with the only difference being in the factor with which the authentication takes place. The tasks to be performed by each of the participants on each of the prototypes was also the same.

The decision to use a within users design was borne out of the necessity to have a considerably large sample population for the testing of each of the models so as to obtain acceptable and statistically relevant results when the actual participant population was low. It can also help to ensure small variations among the samples as users are tested among themselves.

5.4.4 Experimental Variables

The independent variables are the three property based models used in the experiment. The dependent variables are the system log and user performance data obtained from subjective user opinion through the use of experimental questionnaires. These are the registration and login times and scores awarded by the participants on a number of usability metrics such as ease of use, ease of learning, security and user satisfaction. A post-experiment questionnaire was used to obtain

subjection user opinion on a likert type scale of 1 to 9 for all questions that were to be scored by the users.

Although, by design, the grid size for authentication and the number of authentication steps in each scheme for each user is chosen by the user during registration, in each experiment, however, the researcher has chosen a fixed grid size of nine and two authentication steps as control variables for the research. This is to provide the needed uniformity in the number of tasks performed by each of the users in each experiment.