Security and Usability of a Personalized User Authentication Paradigm: Insights from a Longitudinal Study with Three Healthcare Organizations

Argyris Constantinides, Marios Belk, Christos Fidas, Roy Beumers, David Vidal, Wanting Huang, Juliana Bowles, Thais Webber, Agastya Silvina, Andreas Pitsillides

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)


This article proposes a user-adaptable and personalized authentication paradigm for healthcare organizations, which anticipates to seamlessly reflect patients' episodic and autobiographical memories to graphical and textual passwords aiming to improve the security strength of user-selected passwords and provide a positive user experience. We report on a longitudinal study that spanned over 3 years in which three public European healthcare organizations participated to design and evaluate the aforementioned paradigm. Three studies were conducted (n = 169) with different stakeholders: (1) a verification study aiming to identify existing authentication practices of the three healthcare organizations with diverse stakeholders (n = 9), (2) a patient-centric feasibility study during which users interacted with the proposed authentication system (n = 68), and (3) a human guessing attack study focusing on vulnerabilities among people sharing common experiences within location-aware images used for graphical passwords (n = 92). Results revealed that the suggested paradigm scored high with regard to users' likeability, perceived security, usability, and trust, but more importantly it assists the creation of more secure passwords. On the downside, the suggested paradigm introduces password guessing vulnerabilities by individuals sharing common experiences with the end users. Findings are expected to scaffold the design of more patient-centric knowledge-based authentication mechanisms within today's dynamic computation realms.

Original languageEnglish
Article number2
JournalACM Transactions on Computing for Healthcare
Issue number1
Publication statusPublished - 27 Feb 2023


  • Additional Key Words and PhrasesKnowledge-based user authentication
  • feasibility user study
  • graphical passwords
  • human guessing attack study
  • security
  • usability

ASJC Scopus subject areas

  • Software
  • Medicine (miscellaneous)
  • Information Systems
  • Biomedical Engineering
  • Computer Science Applications
  • Health Informatics
  • Health Information Management


Dive into the research topics of 'Security and Usability of a Personalized User Authentication Paradigm: Insights from a Longitudinal Study with Three Healthcare Organizations'. Together they form a unique fingerprint.

Cite this