1 Introduction

The ability to create, retain and enter passwords requires a number of cognitive skills. These include literacy, the ability to focus, creativity, problem-solving, decision making, attentional abilities, and the ability to keep secrets [34]. When someone enters a password, they subsequently have to be able to remember it, including the exact spelling, or order, of the password symbols. Having done so, they have to type the password, mentally tracking the position of the character typed, and advancing to the next character as they type. For many, this is straightforward. However, consider how one specific disability, dyslexia, affects this process. Dyslexia has been defined [20] as: “…a specific learning disability that is neurobiological in origin. It is characterized by difficulties with accurate and/or fluent word recognition and by poor spelling and decoding abilities… Secondary consequences may include problems in reading comprehension and reduced reading experience that can impede growth of vocabulary and background knowledge.”

Powell et al. [33] consider dyslexia as something of a mismatch between overall cognitive and language ability. They state that this mismatch and extent of disability varies from person to person. Dyslexics generally have poor handwriting, spelling and reading. They sometimes have poor short-term memory abilities and can organise themselves inadequately. On the other hand, many are particularly strong at visualisation, spatial awareness, creativity, and lateral thinking [52].

The research literature into dyslexia, which spans many years, is extensive and occasionally contradictory, with continued debates, especially in the domains of definition and diagnosis. As Kirby [23] points out: “it is useful to think of dyslexia as both an ongoing psychological diagnosis and a social construct, with all that entails” (p.59).

Whatever its nature, the difficulties experienced by dyslexics are clear. One particular difficulty lies in processing sequenced symbolic information [33]. Morris et al. [30] explored the impact of dyslexia on web searching, given the need to be able to spell and read efficaciously, and recommend enhancing readability into search interfaces to help dyslexics. Powell et al. [33] suggest a number of guidelines for the design of websites to accommodate those with dyslexia; however, these are not necessarily applicable to authentication design where passwords are the dependency. De Santana et al. [11] also derived a number of guidelines to inform the design of accessible websites for dyslexics.

However, creating, remembering and entering passwords also requires skills that many dyslexics tend to struggle with [37]. Helkala [19] explores the dimensions of these difficulties. Spelling is particularly challenging for dyslexics [15]. Spelling of words is unstable, with many dyslexics spelling the same word differently on different days, with frequent confusion of letter ordering within words. Figure 1 demonstrates the difficulties dyslexics experience in reading, via the example of relatively simple words. Figure 2 demonstrates how a password such as “Belladonna!” could be altered due to dyslexia.

Fig. 1. This image demonstrates how dyslexics might see words [25] (p.5).

Fig. 2. This image demonstrates how dyslexics might enter a password.

Some estimates suggest that up to 20% of English speakers suffer from dyslexia [30]. Given the fact that, at least in the European Union, websites are required to ensure accessibility, and as the W3C advises [49], we cannot ignore the fact that passwords and dyslexia might well be a problematical combination. There is evidence that some dyslexics make use of spelling checkers to alleviate or correct the errors they might make in other web uses [2]. On the other hand, spell-checkers are an inappropriate tool to alleviate password-related issues, nor are electronic readers useful in this respect [37].

Other opportunities to explore authentication options, for example in the recent design of an ATM (Automated Teller Machine) interface to accommodate dyslexics [44], have not focused upon this aspect of PIN authentication. Alternatives such as biometrics [8, 38] or alternative visual approaches (e.g. [9, 10]) have also been proposed. Shih et al. [43] have attempted to address the core elements of the interaction design in terms of fonts, ordering, colours and contrast, and so forth, as do, for instance, UX Movement [47]. We wanted to find guidelines that applied specifically to authentication design, and to the most widely used authentication mechanism, the password. We assume that relatives of the password, such as verification and confirmation codes and one-time passwords, which continue to proliferate, will also require attention. The next section outlines how we went about doing this.

2 Literature Review

We searched the literature exhaustively to find out what the research had to teach us about how dyslexics cope with passwords, the challenges they experience, and the solutions proposed to help them. We used the search term: (“dyslexia” or “dyslexic”) and “passwords”. Papers were included if they reported on dyslexics using passwords. In terms of criteria, if dyslexia was only mentioned in passing, or the paper was not considering passwords, then it was excluded from our comprehensive search results. As recommended by Lowry [27], we searched Academic Search Premier, SCOPUS, Social Science Citation Index, Science Citation Index, ACM Digital Library, IEEE Xplore, Springer, JSTOR, ProQuest, PsychInfo and ERIC.

Our simplified and truncated review meant that peer reviewed papers and chapters were included, as were postgraduate theses and related papers, although all patents were deliberately excluded. We attempted a thorough search, and adapted our criteria for inclusion as we encountered several challenges finding relevant literature in this specific area of conjunction. In many respects, we have noted an HCI (Human-Computer Interaction) bias within many of the resulting finds. Figure 3 depicts the range of research that we identified as touching on dyslexia that emerged from our literature search. It highlights the sparse attention paid to passwords across all these papers and visualises the relationship between many of the key areas.

Fig. 3. Range of dyslexia related research (Password Topics Highlighted)

Our main results are illustrated in Table 1, wherein the more salient papers are grouped together within their associated topic and category. This categorisation was developed bottom-up, taking a pragmatic approach to drawing out these five main themes in order to develop our understanding of previous research as reflected by the literature within the domain.

Table 1. Main categories of dyslexia-related research.

Only three prior studies relate to our topic of interest. The work of Subashini and Sumitra [45], addressing disabilities and passwords, examined the use of One-Time Passwords (OTPs) and multimodal approaches in the context of banking-like authentication. Dyslexic users were studied alongside people with visual disabilities, as they advocated for approaches encompassing more than one modality. Similarly, Helkala [19] looked at some of the inherent issues in recall, delay and misspelling. The password alternative explored by Gibson et al. [16] used musical clips instead of alphanumeric strings. People chose “their” secret clip from successive challenge sets, in order to authenticate. The paper alludes to the benefits of such a scheme in improving authentication accessibility for dyslexics.

3 Reflections on the Literature and Emerging Trends

The literature demonstrates a growing use and application of augmented environments and approaches, perhaps as a function of advancement of technology. In line with the development of assistive technologies, designed to support those with a myriad of challenges, we predict increasing deployment of mixed reality technologies in this respect.

For many services offered online, or at least accessed after online authentication, there is a growth of hybrid and multi-step approaches. Whilst improving overall security, these are likely to negatively affect those with dyslexia. The expectation of further handling and use of passwords and extra steps being required is inherent in this approach. The OTP (one-time password) approach is similar in many regards, often requiring entry of a meaningless alphanumeric string. The way in which those with dyslexia encounter these scenarios, where the ability to replicate a string perfectly is required, is thus far relatively neglected. The research by Fuglerud and Dale [13] is a notable exception, their work tackling identity management and passwords for the elderly and those with disability.

As we are often reminded, password strength is generally encouraged, in order to improve access, and thus system security (e.g. [32]). However, it is likely that, from the viewpoint of a dyslexic user, this will worsen matters, making the task of remembering and entering the password correctly even more challenging. There are open research questions related to how dyslexics currently cope with increasing password strength requirements. Which strategies are adopted and how do these impact security and usability?

The competing constructs and requirements of security and usability have been noted as a balancing act of sorts (e.g. [18]). Our investigation highlights a third construct that cannot be ignored: that of accessibility. The Web Accessibility Initiative explains that accessibility “addresses discriminatory aspects related to equivalent user experience for people with disabilities” [50].

We have had over two decades to try to resolve the tension between security and usability identified by Adams and Sasse [1]. The addition of accessibility as an extra dimension undeniably adds complexity to the design process. The tensions between these three needs potentially compete with one another in the designer’s mind.

Accessibility needs cannot be ignored. The UK’s Disability Discrimination Act of 1995 requires websites to ensure equality in access to people with all kinds of disabilities. The European Union also has an accessibility act which requires those delivering products and services to accommodate the disabled. Finally, the United Nations Convention on the Rights of Persons with Disabilities, adopted on 13 December 2006, is the first international, legally binding instrument that sets minimum standards for the rights of people with disabilities. Accessibility is clearly a legal mandate and there is no reason to believe that password authentication is excluded.

A number of researchers have highlighted existing accessibility issues that impact people with different kinds of disabilities e.g. blindness [44], age-related infirmities [47] and general accessibility failures of e-government websites [24]. It is clear that authentication design also needs to ensure accessibility to accommodate the needs of dyslexics and people with other disabilities, in addition to paying attention to security and usability design considerations.

Limitations of our investigation into dyslexia and password usage, reported here, include our focus solely on English language literature, excluding all literature in other languages. In addition, we adopted a narrow security focus in our review and examination of this condition, as opposed to addressing a much broader social and psychological perspective.

4 Discussion and Recommendations for Future Research

In summary, from our practical review of the literature, and the discovery of this largely neglected topic of dyslexia in the context of password usage, we propose several recommendations for future research. These are:

  1. Real-world coping strategies and behaviours – given the dearth of studies in the area of dyslexia and password usage, research is needed to study how dyslexic users of systems approach password creation, retention and everyday use. It is likely that coping strategies are, to a certain extent, common across this group, and may lead to suggestions as to how we may design more accessible and dyslexic-friendly authentication approaches.

  2. Password managers and their adoption – in what ways can we refine and adapt approaches to strong and yet centralised passwords to enable a more convenient usage experience for those experiencing dyslexia challenges? How can this be implemented effectively across multiple devices and platforms, e.g. mobile devices?

  3. Multi-factor authentication – mechanisms where some tokens are to be remembered, or indeed, where OTPs have to be entered, are clearly going to negatively impact dyslexics. How can these mechanisms be made more accommodating of, or designed for, the needs of dyslexic users? A growing number of services demand multi-stage authentication, and this may prove increasingly problematic.

  4. Alternative authentication mechanisms – as we look to more inclusive perspectives to authentication, and as more essential services mandate passwords, can we consider a greater diversity of technologies, processes and opportunities to meet the needs of those for whom alphanumeric passwords are challenging [10, 16]? What additional accessibility issues may such alternatives introduce?

  5. Understanding dyslexia in the security context – there is a growing body of literature in the area of pupils, students and learning (for those with dyslexia and similar challenges). The demands of particular technology-mediated tasks warrant serious consideration in order to ensure that we design security for all.

  6. Carrying out studies with dyslexics – for ethical purposes it is important for truly informed consent to be obtained. For dyslexics, this means ensuring that the consent form is clear, unambiguous and uses simple language. Online survey pre-screening could assist in providing access to participants, but is dependent on them self-identifying as such. Moreover, it might be best to conduct verbal interviews rather than asking dyslexics to complete online surveys.

In summary, dedicated research in this area should seek to answer at least the following research questions:

  1. In which contexts do dyslexics struggle with passwords, and to what extent?

  2. What strategies do dyslexics employ, if any, to cope with the demands of passwords?

  3. How could we help dyslexics to cope with passwords and equivalent authentication steps in their lives?

  4. How should organizations go about making their websites and services more accessible to dyslexics if they use passwords as an authentication mechanism?

5 Conclusion

In this paper, we highlight the fact that dyslexics are likely to struggle with passwords and make the argument for accessibility, and this specific area, to join security and usability as essential dimensions of the authentication design process. Until some other authentication mechanism supplants the password in everyday life, accessibility of authentication needs to be given the prominence it deserves. It is proposed that people-based rigorous research is required to gain a deeper understanding of dyslexia and its impact. We suggest some directions for essential research in this area.