{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:38:56Z","timestamp":1759091936107,"version":"3.41.2"},"reference-count":35,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2015,11,9]],"date-time":"2015-11-09T00:00:00Z","timestamp":1447027200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,11,9]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can used by researchers when designing, comparing and innovating authentication schemes, as well as administrators and users, who can use the framework to identify desirable features in schemes available for selection. <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/ics-08-2014-0058","type":"journal-article","created":{"date-parts":[[2015,11,3]],"date-time":"2015-11-03T03:30:17Z","timestamp":1446521417000},"page":"497-515","source":"Crossref","is-referenced-by-count":7,"title":["User-centred authentication feature framework"],"prefix":"10.1108","volume":"23","author":[{"given":"Alain","family":"Forget","sequence":"first","affiliation":[]},{"given":"Sonia","family":"Chiasson","sequence":"additional","affiliation":[]},{"given":"Robert","family":"Biddle","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020122000271984100_b1","unstructured":"Baddeley, A.\n , \n Eysenck, M.\n and \n Anderson, M.\n (2009), \n Memory\n , Psychology Press, New York, NY."},{"key":"key2020122000271984100_b2","doi-asserted-by":"crossref","unstructured":"Bianchi, A.\n , \n Oakley, I.\n and \n Kwon, D.\n (2010), \u201cThe secure haptic keypad: a tactile password system\u201d, SIGCHI Conference on Human Factors in Computing Systems (CHI), Atlanta, GA, 10-15 April, ACM, New York, NY, pp. 1089-1092.","DOI":"10.1145\/1753326.1753488"},{"key":"key2020122000271984100_b3","unstructured":"Biddle, R.\n , \n Chiasson, S.\n and \n van Oorschot, P.C.\n (2012), \u201cGraphical passwords: learning from the first twelve years\u201d, \n ACM Computing Surveys\n , Vol. 44 No. 4, p. 19."},{"key":"key2020122000271984100_b4","unstructured":"Bojinov, H.\n , \n Sanchez, D.\n , \n Reber, P.\n , \n Boneh, D.\n and \n Lincoln, P.\n (2012), \u201cNeuroscience meets cryptography: designing crypto primitives secure against rubber hose attacks\u201d, Security Symposium, USENIX, Bellevue, WA, 8-10 August, pp. 129-141."},{"key":"key2020122000271984100_b5","doi-asserted-by":"crossref","unstructured":"Bonneau, J.\n , \n Herley, C.\n , \n van Oorschot, P.C.\n and \n Stajano, F.\n (2012), \u201cThe quest to replace passwords: a framework for comparative evaluation of web authentication schemes\u201d, Symposium on Security and Privacy, San Francisco, CA, 20-23 May, IEEE, pp. 553-567.","DOI":"10.1109\/SP.2012.44"},{"key":"key2020122000271984100_b7","unstructured":"Chiasson, S.\n , \n Forget, A.\n and \n Biddle, R.\n (2008a), \u201cAccessibility and graphical passwords\u201d, paper presented at the Symposium on Accessible Privacy and Security (SOAPS), Pittsburgh, PA, 23 July, available at: http:\/\/cups.cs.cmu.edu\/soups\/2008\/SOAPS\/chiasson.pdf (accessed 26 July 2014)."},{"key":"key2020122000271984100_b8","doi-asserted-by":"crossref","unstructured":"Chiasson, S.\n , \n Forget, A.\n , \n Biddle, R.\n and \n van Oorschot, P.C.\n (2008b), \u201cInfluencing users towards better passwords: persuasive cued click-points\u201d, British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction, British Computer Society, Swinton, pp. 121-130.","DOI":"10.14236\/ewic\/HCI2008.12"},{"key":"key2020122000271984100_b9","doi-asserted-by":"crossref","unstructured":"Chiasson, S.\n , \n Forget, A.\n , \n Stobert, E.\n , \n Biddle, R.\n and \n van Oorschot, P.C.\n (2009), \u201cMultiple password interference in text and click-based graphical passwords\u201d, Conference on Computer and Communications Security (CCS), Chicago, IL, 9-13 November, ACM, New York, NY, pp. 500-511.","DOI":"10.1145\/1653662.1653722"},{"key":"key2020122000271984100_b6","doi-asserted-by":"crossref","unstructured":"Chiasson, S.\n , \n van Oorschot, P.C.\n and \n Biddle, R.\n (2007), \u201cGraphical password authentication using Cued Click Points\u201d, European Symposium On Research In Computer Security (ESORICS), Dresden, 24-26 September, Springer, Berlin, pp. 359-374.","DOI":"10.1007\/978-3-540-74835-9_24"},{"key":"key2020122000271984100_b11","doi-asserted-by":"crossref","unstructured":"De Luca, A.\n , \n von Zezschwitz, E.\n , \n Pichler, L.\n and \n Hussmann, H.\n (2013), \u201cUsing fake cursors to secure on-screen password entry\u201d, SIGCHI Conference on Human Factors in Computing Systems (CHI), Paris, 27 April- 2 May, ACM, New York, NY, pp. 2399-2402.","DOI":"10.1145\/2470654.2481331"},{"key":"key2020122000271984100_b12","doi-asserted-by":"crossref","unstructured":"Egelman, S.\n , \n Sotirakopoulos, A.\n , \n Muslukhov, I.\n , \n Beznosov, K.\n and \n Herley, C.\n (2013), \u201cDoes my password go up to eleven? The impact of password meters on password selection\u201d, SIGCHI Conference on Human Factors in Computing Systems (CHI), Paris, ACM, New York, NY, pp. 2379-2388.","DOI":"10.1145\/2470654.2481329"},{"key":"key2020122000271984100_b13","doi-asserted-by":"crossref","unstructured":"Ellis, J.\n and \n Kvavilashvili, L.\n (2000), \u201cProspective memory in 2000: past, present, and future directions\u201d, \n Applied Cognitive Psychology\n , Vol. 14 No. 7, S1-S9.","DOI":"10.1002\/acp.767"},{"key":"key2020122000271984100_b14","doi-asserted-by":"crossref","unstructured":"Fogg, B.J.\n (2002), \n Persuasive Technology: Using Computers to Change What We Think and Do\n , Morgan Kaufmann Publishers, San Francisco, CA.","DOI":"10.1145\/764008.763957"},{"key":"key2020122000271984100_b37","unstructured":"Forget, A.\n (2012), \u201cA World with many authentication schemes\u201d, PhD Thesis, \n School of Computer Science\n , Carleton University, Ottawa, Ontario, October."},{"key":"key2020122000271984100_b15","doi-asserted-by":"crossref","unstructured":"Forget, A.\n , \n Chiasson, S.\n , \n van Oorschot, P.C.\n and \n Biddle, R.\n (2008), \u201cImproving text passwords through persuasion\u201d, Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA, 23-25 July, ACM, New York, NY, pp. 1-12.","DOI":"10.1145\/1408664.1408666"},{"key":"key2020122000271984100_b16","doi-asserted-by":"crossref","unstructured":"Forget, A.\n , \n Chiasson, S.\n and \n Biddle, R.\n (2010), \u201cShoulder-surfing resistance with eye-gaze entry in click-based graphical passwords\u201d, SIGCHI Conference on Human Factors in Computing Systems (CHI), Atlanta, GA, 10-15 April, ACM, New York, NY, pp. 1107-1110.","DOI":"10.1145\/1753326.1753491"},{"key":"key2020122000271984100_b65","doi-asserted-by":"crossref","unstructured":"Forget, A.\n , \n Chiasson, S.\n and \n Biddle, R.\n (2015), \u201cChoose your own authentication\u201d, \n New Security Paradigms Workshop (NSPW)\n , ACM, New York, NY, The workshop was held in Twente, The Netherlands.","DOI":"10.1145\/2841113.2841114"},{"key":"key2020122000271984100_b17","doi-asserted-by":"crossref","unstructured":"Herley, C.\n and \n van Oorschot, P.C.\n (2012), \u201cA research agenda acknowledging the persistence of passwords\u201d, \n IEEE Security & Privacy\n , Vol. 10 No. 1, pp. 28-36.","DOI":"10.1109\/MSP.2011.150"},{"key":"key2020122000271984100_b18","doi-asserted-by":"crossref","unstructured":"Kim, D.\n , \n Dunphy, P.\n , \n Briggs, P.\n , \n Hook, J.\n , \n Nicholson, J.\n , \n Nicholson, J.\n and \n Olivier, P.\n (2010), \u201cMulti-touch authentication on tabletops\u201d, SIGCHI Conference on Human Factors in Computing Systems (CHI), Atlanta, GA, 10-15 April, ACM, New York, NY, pp. 1093-1102.","DOI":"10.1145\/1753326.1753489"},{"key":"key2020122000271984100_b19","doi-asserted-by":"crossref","unstructured":"Kumar, M.\n , \n Garfinkel, T.\n , \n Boneh, D.\n and \n Winograd, T.\n (2007), \u201cReducing shoulder-surfing by using gaze-based password entry\u201d, Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA, 18-20 July, ACM, New York, NY, pp. 13-19.","DOI":"10.1145\/1280680.1280683"},{"key":"key2020122000271984100_b20","doi-asserted-by":"crossref","unstructured":"MacKenzie, I.\n and \n Soukore, R.\n (2002), \u201cText entry for mobile computing: models and methods, theory and practice\u201d, \n Human-Computer Interaction\n , Vol. 17 Nos 2\/3, pp. 147-198.","DOI":"10.1207\/S15327051HCI172&3_2"},{"key":"key2020122000271984100_b21","unstructured":"Real User Corporation\n (2004), \u201cThe science behind Passfaces\u201d, available at: www.realuser.com\/published\/ScienceBehindPassfaces.pdf (accessed 26 July 2014)."},{"key":"key2020122000271984100_b22","unstructured":"Renaud, K.\n (2005), \u201cEvaluating authentication mechanism\u201d, in \n Cranor, L.F.\n and \n Garfinkel, S.\n (Eds), \n Security and Usability: Designing Systems that People Can Use\n , O\u2019Reilly, Sebastopol, CA, pp. 103-128."},{"key":"key2020122000271984100_b23","doi-asserted-by":"crossref","unstructured":"Rovee-Collier, C.\n , \n Hayne, H.\n and \n Colombo, M.\n (2001), \n The Development of Implicit and Explicit Memory\n , John Benjamins Publishing, Amsterdam.","DOI":"10.1075\/aicr.24"},{"key":"key2020122000271984100_b24","doi-asserted-by":"crossref","unstructured":"Schaub, F.\n , \n Deyhle, R.\n and \n Weber, M.\n (2012), \u201cPassword entry usability and shoulder surfing susceptibility on different smartphone platforms\u201d, International Conference on Mobile and Ubiquitous Multimedia (MUM), Ulm, 3-6 December, ACM, New York, NY, pp. 13-22.","DOI":"10.1145\/2406367.2406384"},{"key":"key2020122000271984100_b25","doi-asserted-by":"crossref","unstructured":"Standing, L.\n , \n Conezio, J.\n and \n Haber, R.\n (1970), \u201cPerception and memory for pictures: single-trial learning of 2500 visual stimuli\u201d, \n Psychonomic Science\n , Vol. 19 No. 2, pp. 73-74.","DOI":"10.3758\/BF03337426"},{"key":"key2020122000271984100_b26","unstructured":"Stobert, E.\n and \n Biddle, R.\n (2014), \u201cThe password life cycle: user behaviour in managing passwords\u201d, Symposium on Usable Privacy and Security,USENIX, Menlo Park, CA, 9-11 July, pp. 243-255."},{"key":"key2020122000271984100_b27","doi-asserted-by":"crossref","unstructured":"Tari, F.\n , \n Ozok, A.\n and \n Holden, S.\n (2006), \u201cA comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords\u201d, Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA, 12-14 July, ACM, New York, NY, pp. 56-66.","DOI":"10.1145\/1143120.1143128"},{"key":"key2020122000271984100_b28","doi-asserted-by":"crossref","unstructured":"Thorpe, J.\n , \n van Oorschot, P.C.\n and \n Somayaji, A.\n (2005), \u201cPass-thoughts: authenticating with our minds\u201d, New Security Paradigms Workshop (NSPW), ACM, Lake Arrowhead, California, US, pp. 45-56.","DOI":"10.1145\/1146269.1146282"},{"key":"key2020122000271984100_b29","unstructured":"Tulving, E.\n and \n Donaldson, W.\n (1972), \n Organization of Memory\n , Academic Press, New York."},{"key":"key2020122000271984100_b30","unstructured":"Weber, R.\n (2006), \u201cThe statistical security of GrIDsure\u201d, Technical Report, University of Cambridge, Cambridge."},{"key":"key2020122000271984100_b31","doi-asserted-by":"crossref","unstructured":"White, A.M.\n , \n Shaw, K.\n , \n Monrose, F.\n and \n Moreton, E.\n (2014), \u201cIsn\u2019t that fantabulous: security, linguistic and usability challenges of pronounceable tokens\u201d, \n New Security Paradigms Workshop (NSPW)\n , ACM, Victoria, British Columbia.","DOI":"10.1145\/2683467.2683470"},{"key":"key2020122000271984100_b32","doi-asserted-by":"crossref","unstructured":"Wiedenbeck, S.\n , \n Waters, J.\n , \n Birget, J.\n , \n Brodskiy, A.\n and \n Memon, N.\n (2005), \u201cPassPoints: design and longitudinal evaluation of a graphical password system\u201d, \n International Journal of Human-Computer Studies\n , Vol. 63 No. 1, pp. 102-127.","DOI":"10.1016\/j.ijhcs.2005.04.010"},{"key":"key2020122000271984100_b33","doi-asserted-by":"crossref","unstructured":"Yan, J.\n , \n Blackwell, A.\n , \n Anderson, R.\n and \n Grant, A.\n (2004), \u201cPassword memorability and security: empirical results\u201d, \n IEEE Security & Privacy\n , Vol. 2 No. 5, pp. 25-31.","DOI":"10.1109\/MSP.2004.81"},{"key":"key2020122000271984100_frd1","doi-asserted-by":"crossref","unstructured":"Chiasson, S.\n , \n Stobert, E.\n , \n Forget, A.\n , \n Biddle, R.\n and \n van Oorschot, P.C.\n (2012), \u201cPersuasive Cued click-points: design, implementation, and evaluation of a knowledge-based authentication mechanism\u201d, \n IEEE Transactions on Dependable and Secure Computing (TDSC)\n , Vol. 9 No. 2, pp. 222-235.","DOI":"10.1109\/TDSC.2011.55"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-08-2014-0058","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2014-0058\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2014-0058\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:06Z","timestamp":1753406586000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/5\/497-515\/110966"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,11,9]]},"references-count":35,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2015,11,9]]}},"alternative-id":["10.1108\/ICS-08-2014-0058"],"URL":"https:\/\/doi.org\/10.1108\/ics-08-2014-0058","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2015,11,9]]}}}