St Andrews Research Repository

St Andrews University Home
View Item 
  •   St Andrews Research Repository
  • University of St Andrews Research
  • University of St Andrews Research
  • University of St Andrews Research
  • View Item
  •   St Andrews Research Repository
  • University of St Andrews Research
  • University of St Andrews Research
  • University of St Andrews Research
  • View Item
  •   St Andrews Research Repository
  • University of St Andrews Research
  • University of St Andrews Research
  • University of St Andrews Research
  • View Item
  • Login
JavaScript is disabled for your browser. Some features of this site may not work without it.

Security and usability of a personalized user authentication paradigm : insights from a longitudinal study with three healthcare organizations

Thumbnail
View/Open
Constantinides_2022_ACM_TCH_Security_usability_AAM.pdf (1.213Mb)
Date
12/10/2022
Author
Constantinides, Argyris
Belk, Marios
Fidas, Christos
Beumers, Roy
Vidal, David
Huang, Wanting
Kuster Filipe Bowles, Juliana
Webber, Thais
Silvina, Agastya
Pitsillides, Andreas
Funder
European Commission
Grant ID
SEP-210512424
Keywords
Knowledge-based user authentication
Graphical passwords
Usability
Security
Feasibility user study
Human guessing attack study
QA75 Electronic computers. Computer science
NDAS
Metadata
Show full item record
Altmetrics Handle Statistics
Altmetrics DOI Statistics
Abstract
This paper proposes a user-adaptable and personalized authentication paradigm for healthcare organizations, which anticipates to seamlessly reflect patients’ episodic and autobiographical memories to graphical and textual passwords aiming to improve the security strength of user-selected passwords and provide a positive user experience. We report on a longitudinal study that spanned over three years in which three public European healthcare organizations participated in order to design and evaluate the aforementioned paradigm. Three studies were conducted (n=169) with different stakeholders: i) a verification study aiming to identify existing authentication practices of the three healthcare organizations with diverse stakeholders (n=9); ii) a patient-centric feasibility study during which users interacted with the proposed authentication system (n=68); and iii) a human guessing attack study focusing on vulnerabilities among people sharing common experiences within location-aware images used for graphical passwords (n=92). Results revealed that the suggested paradigm scored high with regards to users’ likeability, perceived security, usability and trust, but more importantly it assists the creation of more secure passwords. On the downside, the suggested paradigm introduces password guessing vulnerabilities by individuals sharing common experiences with the end-users. Findings are expected to scaffold the design of more patient-centric knowledge-based authentication mechanisms within nowadays dynamic computation realms.
Citation
Constantinides , A , Belk , M , Fidas , C , Beumers , R , Vidal , D , Huang , W , Kuster Filipe Bowles , J , Webber , T , Silvina , A & Pitsillides , A 2022 , ' Security and usability of a personalized user authentication paradigm : insights from a longitudinal study with three healthcare organizations ' , ACM Transactions on Computing for Healthcare , vol. Just Accepted . https://doi.org/10.1145/3564610
Publication
ACM Transactions on Computing for Healthcare
Status
Peer reviewed
DOI
https://doi.org/10.1145/3564610
ISSN
2691-1957
Type
Journal article
Rights
Copyright © 2022 Association for Computing Machinery. This work has been made available online in accordance with publisher policies or with permission. Permission for further reuse of this content should be sought from the publisher or the rights holder. This is the author created accepted manuscript following peer review and may differ slightly from the final published version. The final published version of this work is available at https://doi.org/10.1145/3564610.
Description
Funding information: This research has been partially supported by the EU Horizon 2020 Grant 826278 "Securing Medical Data in Smart Patient-Centric Healthcare Systems" (Serums) , and the Research and Innovation Foundation (Project DiversePass: COMPLEMENTARY/0916/0182).
Collections
  • University of St Andrews Research
URI
http://hdl.handle.net/10023/26280

Items in the St Andrews Research Repository are protected by copyright, with all rights reserved, unless otherwise indicated.

Advanced Search

Browse

All of RepositoryCommunities & CollectionsBy Issue DateNamesTitlesSubjectsClassificationTypeFunderThis CollectionBy Issue DateNamesTitlesSubjectsClassificationTypeFunder

My Account

Login

Open Access

To find out how you can benefit from open access to research, see our library web pages and Open Access blog. For open access help contact: openaccess@st-andrews.ac.uk.

Accessibility

Read our Accessibility statement.

How to submit research papers

The full text of research papers can be submitted to the repository via Pure, the University's research information system. For help see our guide: How to deposit in Pure.

Electronic thesis deposit

Help with deposit.

Repository help

For repository help contact: Digital-Repository@st-andrews.ac.uk.

Give Feedback

Cookie policy

This site may use cookies. Please see Terms and Conditions.

Usage statistics

COUNTER-compliant statistics on downloads from the repository are available from the IRUS-UK Service. Contact us for information.

© University of St Andrews Library

University of St Andrews is a charity registered in Scotland, No SC013532.

  • Facebook
  • Twitter