Many online services require users to authenticate them- selves to prove their identity. Text-based passwords are the most widely-used authentication mechanism.
Children aged 3-5 are also required to do this, especially during the COVID-19 pandemic.
Young children can struggle with text-based passwords due to their emerging literacy and immature development. The majority of children do not learn to read fluently until age seven. At age four or five, they generally do not have the required skills to create, retain and manage alphanumeric passwords. This might well leave young children vulnerable when online or impose unrealistic demands on their care givers who support them in authenticating themselves.
In a recent paper, we reported on the development and evaluation of two versions of KidzPass, a graphical authentication mechanism that specifically relies on the abilities 3-5 year old children can be expected to possess.
Version 1: For Children Aged 4
This version used photos of people the child was familiar with.
Version 2: For Children Aged 5-6
This version used the children’s own drawn doodles.
These mechanisms could teach the children valuable lessons about authenticating, without requiring them to be able to read and spell. When they are literate, they can start using alphanumeric passwords.
Michaela Stewart, Mhairi Campbell, Karen Renaud, Suzanne Prior. KidzPass: Authenticating Pre-Literate Children. The 2020 Dewald Roode Workshop on Information Systems Security Research October 2, 2020 – October 3, 2020