Alternative Authentication for Students, Part 2 - Pictograph Authentication

     

Pictograph Authentication


Technology in the classroom creates usability issues for very young students in pre-k, kindergarten, and first grade, as well as special education students. For many of these students, remembering and typing even simple usernames and traditional passwords is a struggle.

As a result, valuable classroom time is wasted helping students log in or educators resort to using workarounds and generic logins. All of these options are less than ideal, especially because they can create teacher resistance that discourages educators from adopting and utilizing classroom technologies.

Luckily, there are kid-friendly alternative authentication methods that overcome many of these usability challenges. 

Our answer is to implement a secure, user-friendly two-factor authentication (2FA) that combines QR code badges with pictograph authentication. In the first post of this two-part series, we talked about QR code authentication. This post discusses pictograph authentication and the benefits of combining the two forms of authentication.

How Pictograph Authentication Works

Pictographs offer a simple yet powerful alternative to text-based password authentication. When paired with a QR code badge, the badge acts as something the user has and replaces the need to type in a username. The pictographs act as something the user knows, replacing traditional text-based passwords with a set of user-selected pictographs (three pictographs is the default with RapidIdentity).

First, the user holds the QR code badge up to the computer’s camera. Once the computer recognizes the code, the user is prompted to authenticate his or her identity with the pictograph password.

The user is shown several sets of randomized images (nine at a time is the default with RapidIdentity), and the user selects one image per round until he or she has selected the images that make up his or her pictograph password. If the correct images are selected, the user is permitted access.

Benefits

Images Are Easy to Remember

One of the biggest benefits of pictograph authentication is that pictures are easier to remember than text. This is known as the picture superiority effect. When we only read text, we are likely to remember only 10 percent of the information after three days. If we read text combined with a relevant image, we’re likely to remember 65 percent of the information three days later.

Research has also shown that we remember 80 percent of images, versus 20 percent of text. Moreover, visuals are processed by our brains 60,000 times faster than text.

Less Complex

Pictographs are less complex than traditional, text-based passwords, making them ideal for first grade, kindergarten, and special education students. Access to a user’s applications is gained in a matter of several clicks, so there’s no typing required—a crucial upside when it comes to students who don’t have a firm grasp on reading and writing yet.

Plus, users only have to remember three images (although that number can be customized), as opposed to the 8 to 15 uppercase and lowercase letters, numbers, and symbols they would need to recall for complex passwords.

All of this means that password resets and help desk calls are virtually eliminated, so there’s no classroom downtime, and the help desk can focus on more strategic priorities.

Customizable

As mentioned in the previous section, the pictograph authentication process can be customized. Administrators can change the images used, the number of pictures shown at a time, and the number of images required to make up a password.

Users Don’t Have to Carry Anything

Another advantage to pictographs is that because it’s knowledge-based authentication, users don’t have to carry a badge or token, which kids could lose, forget, or swap with their friends.

Drawbacks

Pictograph Passwords Must Be Set Up

Pictograph passwords do have to be set up initially, meaning classroom time must be spent helping students select their pictographs and showing them how to log in.

Similar Limitations as Passwords

Unlike some more secure forms of authentication, a user’s selected pictograph password is static, meaning it doesn’t change each session. Users select a set number and variety of images for their “passwords” (akin to text-based passwords), making it possible to guess or steal them.

As with text-based passwords, pictographs can also fall prey to poor security practices. Students might reuse pictograph combinations, or teachers could maintain a list of students’ pictographs for easy reference.

Less Complex

While this reduced complexity makes pictograph authentication more user-friendly, it also makes them less secure as a standalone authentication method. Text-based passwords provide greater complexity and a wealth of combinations by using mixed case, symbols, numbers, and varying lengths. This makes it much easier to guess a three-pictograph password than your typical text-based password, especially if you know a student’s interests.

This is why we advocate using pictograph authentication in combination with QR code badges, as well as transitioning students to other forms of authentication as they get older.

Prone to Shoulder Surfing

The simple, visual nature of pictograph passwords makes them prone to shoulder surfing. It’s possible for students to watch their friends make pictograph selections and then access their accounts based on that.

Pictographs and QR Codes: Age-Appropriate Authentication

Technology in the classroom doesn’t have to be a burden. Just because students are very young or in special education classes doesn’t mean that you have to compromise with generic logins or creative workarounds—or simply avoid the problem altogether by not introducing technology to these students. Age-appropriate authentication helps eliminate the disruption and wasted time associated with login issues and forgotten passwords.

QR code badges and pictograph authentication offer user-friendly alternatives to traditional username and password authentication. When combined, they can be used as secure 2FA that overcomes many usability challenges while getting kids in the positive habit of using 2FA early on.

dispelling-the-mythos-of-sso-portals-vs-full-featured-iam-systems

Comments

Subscribe Here!