Even though the vast majority of children are online, our exploration of the user authentication literature and available tools revealed few alternatives specifically for authenticating children. We create an authentication mechanism that reduces the password burden for children and adds customizable parental oversight to increase security. With Bluink, our industry partner, we iteratively designed and user tested three parent-child prototypes, with each iteration addressing issues raised in the previous iteration. Our final design is a parent-child authentication mechanism based on OpenID and FIDO U2F which allows children to log in to websites without requiring a password and enables parents using their mobile device to remotely determine whether a login request should be granted.

Additional Metadata
Keywords Authentication, Children, Mobile device, Parents, User study
Persistent URL dx.doi.org/10.1145/3098279.3098550
Conference 19th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2017
Citation
Hundlani, K. (Kalpana), Chiasson, S, & Hamid, L. (Larry). (2017). No passwords needed: The iterative design of a parent-child authentication mechanism. In Proceedings of the 19th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2017. doi:10.1145/3098279.3098550