Please add comments and discuss this paper – the liveliness of the discussion will help us decide the most suitable papers to be presented at Alt-HCI in September.
Abstract: Passwords, in theory, are a good idea. They have the potential to act as a fairly strong gateway to protected information and services. In reality, lots of problems emerge when passwords are used by normal people in their everyday lives. The great thing about passwords is that they are universally accessible, and very easy to add to any application. They are also well-established and a mechanism that users readily understand. However, passwords are also (1) easily shared, (2) trivial to observe and (3) maddeningly elusive when forgotten. Various alternatives to passwords have been proposed, many of which try to address at least one of the problems mentioned above. Alternatives to passwords are often judged harshly because, although they may demonstrate superior memorability, they may fail in terms of universal accessibility or require extra effort on the part of the user. There seems to be a reluctance to lose the benefits of passwords and to switch to another mechanism, even if the most glaring flaws of passwords have been addressed. Graphical authentication mechanisms are a case in point. They have demonstrated their superior memorability but still suffer from observability flaws. The question we pose in this article is whether users care about observability, and whether it is really the deal-breaker it appears to be when it comes to adopting alternatives that are indeed susceptible to observation.