Human-centered authentication guidelines

Jeremiah D. Still (Department of Psychology, Old Dominion University, Norfolk, Virginia, USA)
Ashley Cain (Department of Psychology, Old Dominion University, Norfolk, Virginia, USA)
David Schuster (Department of Psychology, San Jose State University, San Jose, California, USA)

Information and Computer Security

ISSN: 2056-4961

Publication date: 9 October 2017



Despite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.


The guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.


Instead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and what human capabilities can be exploited. A list of six guidelines that designers ought to consider when developing a new usable authentication scheme has been presented.

Research limitations/implications

This consolidated list of usable authentication guidelines provides system developers with immediate access to common design issues impacting usability. These guidelines ought to assist designers in producing more secure products in fewer costly development cycles.


Cybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weakness of many systems is the user. It is argued that authentication schemes with poor usability are inherently insecure, as users will inadvertently weaken the security in their efforts to use the system. The study proposes that designers need to consider the human factors that impact end-user behavior. Development from this perspective will address the greatest weakness in most security systems by increasing end-user compliance.



Still, J., Cain, A. and Schuster, D. (2017), "Human-centered authentication guidelines", Information and Computer Security, Vol. 25 No. 4, pp. 437-453.

Download as .RIS



Emerald Publishing Limited

Copyright © 2017, Emerald Publishing Limited

Please note you might not have access to this content

You may be able to access this content by login via Shibboleth, Open Athens or with your Emerald account.
If you would like to contact us about accessing this content, click the button and fill out the form.
To rent this content from Deepdyve, please click the button.