Security and Usability: A Naturalistic Experimental Evaluation of a Graphical Authentication System

  • Moustapha ZouinarEmail author
  • Pascal Salembier
  • Robin Héron
  • Christophe Mathias
  • Guirec Lorant
  • Jean-Philippe Wary
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 822)


This article sums up results from an experimental study conducted in the context of a research project on the design and assessment of a graphical authentication system (HSA® for Human Semantic Authentication). The experiment addresses different issues related to the usability of the system (performance), and its cognitive demands (memorisation and categorisation). The results put into evidence that, despite the fact that this type of system presents some advantages in terms of use (providing some requirements are observed), it raises nonetheless different problems which put uncertainty on its potential acceptability and use in real world situations. The results illustrate the traditional tension between security and usability.


Graphical authentication Usability Security 



This study was carried out within the framework of a collaborative research contract between Orange Labs and the Troyes University of Technology.


  1. 1.
    Biddle R, Chiasson S, Oorschot PC (2011) Graphical passwords: learning from the first twelve years. Technical Report TR-11-01, School of Computer Science, Carleton UniversityGoogle Scholar
  2. 2.
    Norman DA (2009) The way I see it when security gets in the way. Interactions 16(6):60–63CrossRefGoogle Scholar
  3. 3.
    Wiedenbeck S, Waters J, Birget J-C, Brodskiy A, Memon N (2005) PassPoints: design and longitudinal evaluation of a graphical password system. Int J Hum Comput Stud 63(1):102–127CrossRefGoogle Scholar
  4. 4.
    Davis D, Monrose F, Reiter MK (2004) On user choice in graphical password schemes. In: 13th USENIX security symposium (2004)Google Scholar
  5. 5.
    Jermyn I, Mayer AJ, Monrose F, Reiter MK, Rubin AD (1999) The design and analysis of graphical passwords. In: USENIX Security SymposiumGoogle Scholar
  6. 6.
    Chowdhury S, Poet R, Mackenzie L (2014) Passhint: memorable and secure authentication. In: Proceedings of the SIGCHI conference on human factors in computing systems (CHI’14), pp 2917–2926Google Scholar
  7. 7.
    Salembier P, Zouinar M, Mathias C, Lorant G, Wary J-P (2015) Evaluation ergonomique d’un système d’authentification graphique Actes de la conférence EPIQUE 2015, Aix-en-Provence, 8–10 juillet: Arpege PublishingGoogle Scholar
  8. 8.
    Salembier P, Zouinar M, Mathias C, Lorant G, Wary J-P (2016) Etudes expérimentales d’un système d’authentification graphique basée sur la catégorisation sémantique Actes de la conférence IHM’2016, 26–28 octobre, Fribourg, Suisse. ACMGoogle Scholar
  9. 9.
    Schaub F, Walch M, Könings B, Weber M (2013) Exploring the design space of graphical passwords on smartphones. In: Proceedings of the ninth symposium on usable privacy and security, SOUPS’13, pp 1–15Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Moustapha Zouinar
    • 1
    Email author
  • Pascal Salembier
    • 2
  • Robin Héron
    • 1
  • Christophe Mathias
    • 1
  • Guirec Lorant
    • 1
  • Jean-Philippe Wary
    • 1
  1. 1.Orange LabsParisFrance
  2. 2.Institut Charles Delaunay (UMR 6281 CNRS), Université de Technologie de TroyesTroyesFrance

Personalised recommendations