{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,27]],"date-time":"2025-12-27T22:51:32Z","timestamp":1766875892143,"version":"3.37.3"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2018,6,19]],"date-time":"2018-06-19T00:00:00Z","timestamp":1529366400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100002802","name":"Cardiff Metropolitan University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100002802","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Educ Inf Technol"],"published-print":{"date-parts":[[2019,1]]},"DOI":"10.1007\/s10639-018-9758-7","type":"journal-article","created":{"date-parts":[[2018,6,19]],"date-time":"2018-06-19T02:22:01Z","timestamp":1529374921000},"page":"13-39","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":29,"title":["A study into the usability and security implications of text and image based challenge questions in the context of online examination"],"prefix":"10.1007","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9374-0769","authenticated-orcid":false,"given":"Abrar","family":"Ullah","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hannan","family":"Xiao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Trevor","family":"Barker","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,6,19]]},"reference":[{"key":"9758_CR1","doi-asserted-by":"crossref","unstructured":"Babic A., Xiong H., Yao D., Iftode L., editors. (2009). Building robust authentication systems with activity-based personal questions. Proceedings of the 2nd ACM workshop on Assurable and usable security configuration; ACM.","DOI":"10.1145\/1655062.1655067"},{"key":"9758_CR2","first-page":"17","volume":"547","author":"JL Bailie","year":"2009","unstructured":"Bailie, J. L., & Jortberg, M. A. (2009). Online learner authentication: Verifying the identity of online users. Bulletin-Board Postings, 547, 17.","journal-title":"Bulletin-Board Postings"},{"key":"9758_CR3","doi-asserted-by":"publisher","first-page":"405","DOI":"10.1007\/978-1-4471-0515-2_27","volume-title":"People and computers XIV\u2014usability or else","author":"S Brostoff","year":"2000","unstructured":"Brostoff, S., & Sasse, M. A. (2000). Are Passfaces more usable than passwords? A field trial investigation. In S. Mcdonald, Y. Waern, & G. Cockton (Eds.), People and computers XIV\u2014usability or else (pp. 405\u2013424). London: Springer."},{"key":"9758_CR4","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1145\/960492.960539","volume":"35","author":"J Carter","year":"2003","unstructured":"Carter, J., Ala-Mutka, K., Fuller, U., Dick, M., English, J., Fone, W., & Sheard, J. (2003: ACM). How shall we assess this? ACM SIGCSE Bulletin, 35, 107.","journal-title":"ACM SIGCSE Bulletin"},{"issue":"1","key":"9758_CR5","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1016\/j.dss.2008.07.008","volume":"46","author":"Y Chen","year":"2008","unstructured":"Chen, Y., & Liginlal, D. (2008). A maximum entropy approach to feature selection in knowledge-based authentication. Decision Support Systems., 46(1), 388\u2013398.","journal-title":"Decision Support Systems."},{"key":"9758_CR6","doi-asserted-by":"crossref","unstructured":"Church K., De Oliveira R., editors. (2013). What's up with whatsapp?: comparing mobile instant messaging behaviors with traditional SMS. Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services; ACM.","DOI":"10.1145\/2493190.2493225"},{"issue":"2","key":"9758_CR7","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1046\/j.1365-2923.2002.01068.x","volume":"36","author":"A Ercole","year":"2002","unstructured":"Ercole, A., Whittlestone, K., Melvin, D., & Rashbass, J. (2002). Collusion detection in multiple choice examinations. Medical Education, 36(2), 166\u2013172.","journal-title":"Medical Education"},{"key":"9758_CR8","doi-asserted-by":"crossref","unstructured":"Florencio D., Herley C., editors. (2007). A large-scale study of web password habits\". Proceedings of the 16th international conference on World Wide Web; ACM.","DOI":"10.1145\/1242572.1242661"},{"key":"9758_CR9","unstructured":"Hafiz M. D., Abdullah A. H., Ithnin N., Mammi H. K., editors. (2008). Towards identifying usability and security features of graphical password in knowledge based authentication technique. Modeling & Simulation, 2008 AICMS 08 Second Asia International Conference on; 2008: IEEE."},{"issue":"1","key":"9758_CR10","first-page":"89","volume":"2","author":"M Hart","year":"2004","unstructured":"Hart, M., & Friesner, T. (2004). Plagiarism and poor academic practice\u2013a threat to the extension of e-learning in higher education? Electronic Journal on e-Learning, 2(1), 89\u201396.","journal-title":"Electronic Journal on e-Learning"},{"key":"9758_CR11","unstructured":"Hayashi E., Hong J., Christin N., editors. (2011).Security through a different kind of obscurity: Evaluating distortion in graphical authentication schemes. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems; 2011: ACM."},{"key":"9758_CR12","unstructured":"Iso9241-11. (1998). Ergonomic requirements for office work with visual dispaly terminals, Part 11: Guidance on usability. ISO 9241-11. Geneva1998."},{"issue":"11","key":"9758_CR13","doi-asserted-by":"publisher","first-page":"2245","DOI":"10.1016\/j.patcog.2004.04.011","volume":"37","author":"ATB Jin","year":"2004","unstructured":"Jin, A. T. B., Ling, D. N. C., & Goh, A. (2004). Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition., 37(11), 2245\u20132255.","journal-title":"Pattern Recognition."},{"issue":"5","key":"9758_CR14","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2004.80","volume":"2","author":"M Just","year":"2004","unstructured":"Just, M. (2004). Designing and evaluating challenge-question systems. Security & Privacy, IEEE., 2(5), 32\u201339.","journal-title":"Security & Privacy, IEEE."},{"key":"9758_CR15","unstructured":"Just M., Aspinall D., editors. (2009a). Challenging challenge questions. Socio-economic strand. Oxford University UK."},{"key":"9758_CR16","unstructured":"Just M., Aspinall D., editors. (2009b). Choosing better challenge questions. Symposium on usable privacy and security (SOUPS); CA, USA: ACM."},{"key":"9758_CR17","doi-asserted-by":"crossref","unstructured":"Just M., Aspinall D., editors. (2009c). Personal choice and challenge questions: a security and usability assessment. Proceedings of the 5th Symposium on Usable Privacy and Security; CA,USA: ACM.","DOI":"10.1145\/1572532.1572543"},{"key":"9758_CR18","unstructured":"Just M., Aspinall D., editors. (2012). On the security and usability of dual credential authentication in UK online banking. Internet Technology and Secured Transactions, 2012 International Conferece For; IEEE."},{"issue":"1","key":"9758_CR19","first-page":"1","volume":"3","author":"R Kitahara","year":"2011","unstructured":"Kitahara, R., Westfall, F., & Mankelwicz, J. (2011). New, multi-faceted hybrid approaches to ensuring academic integrity. Journal of Academic and Business Ethics., 3(1), 1\u201312.","journal-title":"Journal of Academic and Business Ethics."},{"key":"9758_CR20","unstructured":"Laubscher R., Olivier M. S., Venter H. S., Eloff J. H. P., Rabe D. J., editors. (2005). The role of key loggers in computer-based assessment forensics. Proceedings of the 2005 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries; 2005: South African Institute for Computer Scientists and Information Technologists."},{"issue":"2","key":"9758_CR21","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MSECP.2004.1281254","volume":"2","author":"G Mcgraw","year":"2004","unstructured":"Mcgraw, G. (2004). Software security. Security & Privacy, IEEE., 2(2), 80\u201383.","journal-title":"Security & Privacy, IEEE."},{"issue":"4","key":"9758_CR22","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1109\/JSYST.2009.2038957","volume":"3","author":"A Moini","year":"2009","unstructured":"Moini, A., & Madni, A. M. (2009). Leveraging biometrics for user authentication in online learning: A systems perspective. IEEE Systems Journal., 3(4), 469\u2013476.","journal-title":"IEEE Systems Journal."},{"issue":"6","key":"9758_CR23","doi-asserted-by":"publisher","first-page":"881","DOI":"10.1111\/j.1539-6924.2010.01442.x","volume":"30","author":"G Purdy","year":"2010","unstructured":"Purdy, G. (2010). ISO 31000: 2009\u2014setting a new standard for risk management. Risk Analysis, 30(6), 881\u2013886.","journal-title":"Risk Analysis"},{"key":"9758_CR24","unstructured":"Rabkin A., editor. (2008). Personal knowledge questions for fallback authentication: Security questions in the era of Facebook. In SOUPS: Proceedings of the 4th Symposium on Usable Privacy and Security; 2008; 23, New York: ACM."},{"key":"9758_CR25","doi-asserted-by":"crossref","unstructured":"Renaud K., Just M., editors. (2010). Pictures or questions?: examining user responses to association-based authentication. Proceedings of the 24th BCS Interaction Specialist Group Conference; British Computer Society.","DOI":"10.14236\/ewic\/HCI2010.14"},{"key":"9758_CR26","unstructured":"Rowe, N. C. (2004). Cheating in online student assessment: Beyond plagiarism. Online Journal of Distance Learning Administration., 7(2)."},{"key":"9758_CR27","doi-asserted-by":"crossref","unstructured":"Schechter S., Brush A. J. B., Egelman S., editors. (2009). It's No Secret. Measuring the Security and Reliability of Authentication via 'secret' questions. 30th IEEE Symposium on Security and Privacy; IEEE.","DOI":"10.1145\/1572532.1572580"},{"key":"9758_CR28","doi-asserted-by":"crossref","unstructured":"Seffah A., Kececi N., Donyaee M., editors. (2001).QUIM: A framework for quantifying usability metrics in software quality models. Quality Software, 2001 Proceedings Second Asia-Pacific Conference on; IEEE.","DOI":"10.1109\/APAQS.2001.990036"},{"issue":"1","key":"9758_CR29","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1016\/S0022-5371(67)80067-7","volume":"6","author":"RN Shepard","year":"1967","unstructured":"Shepard, R. N. (1967). Recognition memory for words, sentences, and pictures. Journal of Verbal Learning and Verbal Behavior., 6(1), 156\u2013163.","journal-title":"Journal of Verbal Learning and Verbal Behavior."},{"key":"9758_CR30","volume-title":"Profile based student authentication in online examination. International conference on information society","author":"A Ullah","year":"2012","unstructured":"Ullah, A., Xiao, H., & Lilley, M. (2012a). Profile based student authentication in online examination. International conference on information society. London: IEEE."},{"key":"9758_CR31","unstructured":"Ullah A., Xiao H., Lilley M., Barker T., editors. (2012b). Usability of profile based student authentication and traffic light system in online examination. The 7th International Conference for Internet Technology and Secured Transactions (ICITST); London, UK: IEEE."},{"issue":"3\/4","key":"9758_CR32","first-page":"9","volume":"5","author":"A Ullah","year":"2012","unstructured":"Ullah, A., Xiao, H., Lilley, M., & Barker, T. (2012c). Using challenge questions for student authentication in online examination. International Journal for Infonomics (IJI), 5(3\/4), 9.","journal-title":"International Journal for Infonomics (IJI)"},{"issue":"1","key":"9758_CR33","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1186\/1869-0238-5-2","volume":"5","author":"A Ullah","year":"2014","unstructured":"Ullah, A., Xiao, H., Barker, T., & Lilley, M. (2014a). Evaluating security and usability of profile based challenge questions authentication in online examinations. Journal of Internet Services and Applications., 5(1), 2.","journal-title":"Journal of Internet Services and Applications."},{"key":"9758_CR34","doi-asserted-by":"crossref","unstructured":"Ullah A., Xiao H., Barker T., Lilley M., editors. (2014b) Graphical and text based challenge questions for secure and usable authentication in online examinations. The 9th International Conference for Internet Technology and Secured Transactions (ICITST); London, UK: IEEE.","DOI":"10.1109\/ICITST.2014.7038825"},{"key":"9758_CR35","first-page":"131","volume-title":"Human aspects of information security, privacy, and trust HAS 2015 lecture notes in computer science","author":"A Ullah","year":"2015","unstructured":"Ullah, A., Xiao, H., & Barker, T. (2015). Usability of activity-based and image-based challenge questions in online student authentication. In T. Tryfonas & I. Askoxylakis (Eds.), Human aspects of information security, privacy, and trust HAS 2015 lecture notes in computer science (pp. 131\u2013140). Cham: Springer."},{"key":"9758_CR36","unstructured":"Ullah A., Xiao H., Barker T., editors. (2016). A classification of threats to remote online examinations. Computing and Communication (IEMCON), 2016 International Conference and Workshop on; 2016: IEEE."},{"issue":"1","key":"9758_CR37","first-page":"n1","volume":"13","author":"G Watson","year":"2010","unstructured":"Watson, G., & Sottile, J. (2010). Cheating in the digital age: Do students cheat more in online courses? Online Journal of Distance Learning Administration., 13(1), n1.","journal-title":"Online Journal of Distance Learning Administration."},{"issue":"11","key":"9758_CR38","doi-asserted-by":"publisher","first-page":"1079","DOI":"10.1046\/j.1365-2044.2003.03405.x","volume":"58","author":"D Wheeler","year":"2003","unstructured":"Wheeler, D., Whittlestone, K., Smith, H., Gupta, A., & Menon, D. (2003). A web-based system for teaching, assessment and examination of the undergraduate peri-operative medicine curriculum. Anaesthesia, 58(11), 1079\u20131086.","journal-title":"Anaesthesia"},{"key":"9758_CR39","doi-asserted-by":"crossref","unstructured":"Wiedenbeck S., Waters J., Birget J.-C., Brodskiy A., Memon N., editors. (2005). Authentication using graphical passwords: Effects of tolerance and image choice. Proceedings of the 2005 symposium on Usable privacy and security; ACM.","DOI":"10.1145\/1073001.1073002"},{"key":"9758_CR40","unstructured":"Youll J. (2006). Fraud vulnerabilities in sitekey security at bank of america.\" Available: www.cr-labs com\/publications\/SiteKey-20060718 pdf."},{"key":"9758_CR41","doi-asserted-by":"crossref","unstructured":"Zviran M., Haga W. J., editors. (1990). User authentication by cognitive passwords: An empirical assessment\". Information Technology, 1990 'Next decade in information technology', Proceedings of the 5th Jerusalem Conference on (Cat No 90TH0326-9); IEEE.","DOI":"10.1109\/JCIT.1990.128279"},{"issue":"3","key":"9758_CR42","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1093\/comjnl\/36.3.227","volume":"36","author":"M Zviran","year":"1993","unstructured":"Zviran, M., & Haga, W. J. (1993). A comparison of password techniques for multilevel authentication mechanisms. The Computer Journal, 36(3), 227\u2013237.","journal-title":"The Computer Journal"}],"container-title":["Education and Information Technologies"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10639-018-9758-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10639-018-9758-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10639-018-9758-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,17]],"date-time":"2020-01-17T12:16:50Z","timestamp":1579263410000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10639-018-9758-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,6,19]]},"references-count":42,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,1]]}},"alternative-id":["9758"],"URL":"https:\/\/doi.org\/10.1007\/s10639-018-9758-7","relation":{},"ISSN":["1360-2357","1573-7608"],"issn-type":[{"type":"print","value":"1360-2357"},{"type":"electronic","value":"1573-7608"}],"subject":[],"published":{"date-parts":[[2018,6,19]]},"assertion":[{"value":"28 August 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 June 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 June 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"There are no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}]}}