Document Type


Publication Date

January 2017

Publication Title

Information and Computer Security



Issue Number


First Page


Last Page





Guidelines, Cybersecurity, Usable security, Interface design


Computer Sciences | Information Security | Psychology


PurposeDespite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.Design/methodology/approachThe guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.FindingsInstead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and what human capabilities can be exploited. A list of six guidelines that designers ought to consider when developing a new usable authentication scheme has been presented.Research limitations/implicationsThis consolidated list of usable authentication guidelines provides system developers with immediate access to common design issues impacting usability. These guidelines ought to assist designers in producing more secure products in fewer costly development cycles.Originality/valueCybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weakness of many systems is the user. It is argued that authentication schemes with poor usability are inherently insecure, as users will inadvertently weaken the security in their efforts to use the system. The study proposes that designers need to consider the human factors that impact end-user behavior. Development from this perspective will address the greatest weakness in most security systems by increasing end-user compliance.


This is the Submitted Manuscript of an article published in the journal Information and Computer Security, volume 25, issue 4, 2017. The Version of Record is available at this link:
SJSU users: use the following link to login and access the article via SJSU databases.