KidsDoodlePass: An Exploratory Study of an Authentication Mechanism for Young Children

Abstract: Textual passwords are problematic for young children, whose cognitive, memory and linguistic capabilities are still developing. A possible alternative to using text for authentication systems for young children is drawings. In this paper, we describe an authentication system called KidsDoodlePass, which use simple drawings ("doodles") that the children themselves create. An initial evaluation of the system was undertaken with 19 children aged 6 to 9 years of age. Success of logging in with KidsDoodlePass was h… Show more

“…Alkhamis et al [2] study found that children between the age of 6-9 were able to effectively authenticate with a doodle they created, and this persisted in subsequent trials. Assal et al [6] assessed usability and preference for graphical passwords for children and adults, finding a preference for graphical authentication, with children most effectively recalling distinct objects like an animal, this was also found by Stewart et al [53] in their study with younger children.…”

“…The papers in this review placed greater importance on memory and literacy whilst potentially overlooking problem solving in password generation which could be vital in solving problems with password generation. Children have been observed to have difficulty with authentication and the research suggests memory, attention, and literacy most prominently, the experiences of authentication may then be often negative for children, and this is proposed as affecting the way in which passwords will then be created in the future [2]. It is likely then, that children will choose to create weak passwords to improve authentication experiences, and thus continuing insecure password practice.…”

“…Even so, best practice within cybersecurity, such as creating and authenticating strong passwords, is cognitively challenging for young children in several ways. Passwordrelated cognitive skills include: a level of literacy [14]; problem-solving abilities [48]; ability to pay focused attention [53] and short-and long-term memory [2,47]. To authenticate using a password, requires retrieving the password from longterm memory, holding it in their working memory (WM), this is cognitively demanding process, often in a noisy and distracting environment.…”

“…Identifying when children have the prerequisite skills to act securely online is important, in terms of providing the right levels of guidance and in deciding what aspects to teach them, whilst acknowledging their online risks. If children use passwords before they are cognitively ready, this increases the likelihood that they will adopt poor password practices that will then continue fostering an insecure cybersecurity culture [2]. This paper reports on a systematic literature review that was undertaken to explore the current landscape of cybersecurity research related to children's cybersecurity knowledge and behaviours.…”

SOK: Young Children's Cybersecurity Knowledge, Skills & Practice: A Systematic Literature Review

“…Alkhamis et al [2] study found that children between the age of 6-9 were able to effectively authenticate with a doodle they created, and this persisted in subsequent trials. Assal et al [6] assessed usability and preference for graphical passwords for children and adults, finding a preference for graphical authentication, with children most effectively recalling distinct objects like an animal, this was also found by Stewart et al [53] in their study with younger children.…”

“…The papers in this review placed greater importance on memory and literacy whilst potentially overlooking problem solving in password generation which could be vital in solving problems with password generation. Children have been observed to have difficulty with authentication and the research suggests memory, attention, and literacy most prominently, the experiences of authentication may then be often negative for children, and this is proposed as affecting the way in which passwords will then be created in the future [2]. It is likely then, that children will choose to create weak passwords to improve authentication experiences, and thus continuing insecure password practice.…”

“…Even so, best practice within cybersecurity, such as creating and authenticating strong passwords, is cognitively challenging for young children in several ways. Passwordrelated cognitive skills include: a level of literacy [14]; problem-solving abilities [48]; ability to pay focused attention [53] and short-and long-term memory [2,47]. To authenticate using a password, requires retrieving the password from longterm memory, holding it in their working memory (WM), this is cognitively demanding process, often in a noisy and distracting environment.…”

“…Identifying when children have the prerequisite skills to act securely online is important, in terms of providing the right levels of guidance and in deciding what aspects to teach them, whilst acknowledging their online risks. If children use passwords before they are cognitively ready, this increases the likelihood that they will adopt poor password practices that will then continue fostering an insecure cybersecurity culture [2]. This paper reports on a systematic literature review that was undertaken to explore the current landscape of cybersecurity research related to children's cybersecurity knowledge and behaviours.…”

SOK: Young Children's Cybersecurity Knowledge, Skills & Practice: A Systematic Literature Review