Older users (aged 55 and over) are generally thought to have limited knowledge in online security; additionally, their declining cognitive and perceptive abilities can further expose them to digital attacks. Despite these risks and the growing older population, little has been studied about older users’ security performance, perception, and behavior. We begin to address this gap with this preliminary study. First, we studied older users’ ability to memorize passwords through a multisession user study with seven participants at a local retirement community. For this study, we leveraged a recently-proposed graphical authentication scheme that offers multiple cues (visual, verbal, spatial) to memorize system-assigned random passwords. To tailor this password scheme to an older population, we build on prior work in cognitive psychology that has been done to understand older users’ needs. Second, we conducted a survey to further learn about their security perceptions and practices. Based on what we have learned and the challenges that we have faced during our study, we offer guidelines for other researchers interested in designing new systems and conducting usability study with older population, and we also outline the future work for our ongoing research.

Date of creation, presentation, or exhibit



Presented at the Usable Security (USEC) Workshop, NDSS Symposium 2017, February 26, 2017, San Diego, CA.

Copyright 2017 Internet Society

Document Type

Conference Paper

Department, Program, or Center

Department of Computing Security (GCCIS)


RIT – Main Campus