IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.4, April 2011

Manuscript received April 5, 2011
Manuscript revised April 20, 2011

A Secure Usability Design System for User Authentication

Ayannuga Olanrewaju O.†, Folorunso Olusegun††, Akinwale Adio T.†† and Asiribo E. O.†††

† Department of Computer Technology, Yaba College of Technology, Yaba, Lagos, Nigeria.
†† Department of Computer Science, University of Agriculture Abeokuta, Nigeria
††† Department of Statistics, University of Agriculture Abeokuta, Nigeria

Summary

The term usable authentication has been brought about as a result of issues surrounding user memorability. Computer users find it less easy to memorize plain text passwords compared to images or graphics. Researchers have over the years presented several authentication schemes in an effort to provide users with a usable and yet secure authentication system. Authentication and usability are two important terms that to a large extent determine how good a security system is. Secure systems are often needed in many organizations to keep privacy and ensure data safety, among many others. Though it is a necessity for such systems to be very secure, one thing often neglected by most developers is the user. When a system is so secure that it often leads users to circumvent it, then such a system is not usable. This paper takes a close look at how usability and authentication can be balanced with the use of graphical passwords by presenting an authentication system that combines the use of text based passwords and graphics based passwords. The combined strengths of these schemes present computer users with a secure yet usable authentication scheme.

Keywords

Authentication, Graphical Password, Security, Text Password and Usability.

1. Introduction

With the reduction in the cost of acquiring computer systems and the huge advancement in the use of computers in many applications such as data transfer, data sharing, and logging in to e-mail or the Internet, there is an increase in the number of users, which implies an increase in data stored in electronic databases. This poses a challenging task for system and network administrators in determining user authentication. Authentication has been the catalyst for business organizations in information protection and security. In [21], it was stated that authentication is the process of determining whether a user should be allowed access to a particular system or resource. In [15] it was opined that authentication is the process of verifying the identity of a certain person.

User authentication involves issues of both usability and security; too often one or the other is ignored even when it is clear that both are important and necessary. To be effective as an authentication mechanism, passwords must simultaneously satisfy two conflicting requirements: they must be difficult to compromise, yet easy to remember. This challenge underscores the importance of considering user behavior when developing security solutions. If users are allowed to create their own passwords, they tend to use common words, names, dates, or other personal information that can be easily remembered [2].

2. Authentication

Authenticating is the process of verifying the identity of a certain person. This has been used for many different purposes throughout history, e.g., scouts and other messengers needed to authenticate themselves to city guards and sentries in the past before they were given access to different areas [15]. In the modern electronically wired information society, authentication has gained an even more important role, where user authentication is used to grant access control for many computer systems (UNIX, Linux and Windows).
User authentication on these operating systems is usually based on password authentication. The user holds a username and a password that are also known to the operating system. The authentication process is successful and access is granted if the username and password entered match the values stored in the operating system. Password user authentication is the most common type of authentication used to ensure system or document protection, and it is therefore important to use a secure authentication scheme for these purposes [17]. Password authentication can also be denoted as shared secret authentication, because the user that needs to be authenticated shares a common secret with the operating system.
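
The username and password check described above, as an added example that is not code from the paper: the value stored on the system side is a salted PBKDF2 verifier rather than the shared secret itself, the comparison is constant-time, and an unknown username costs the same work as a known one. The class name, iteration count and sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example


def derive(password: str, salt: bytes) -> bytes:
    """Turn the shared secret into a verifier that is safe to store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordStore:
    """Hypothetical system-side table of username -> (salt, verifier)."""

    def __init__(self):
        self.records = {}
        # Dummy record: lets a lookup for an unknown username do the same
        # amount of hashing as a lookup for an enrolled one.
        self.dummy_salt = secrets.token_bytes(16)
        self.dummy_verifier = derive(secrets.token_urlsafe(16), self.dummy_salt)

    def enroll(self, username: str, password: str) -> None:
        # A fresh random salt per user means equal passwords give
        # different stored values.
        salt = secrets.token_bytes(16)
        self.records[username] = (salt, derive(password, salt))

    def authenticate(self, username: str, password: str) -> bool:
        known = username in self.records
        salt, verifier = self.records.get(
            username, (self.dummy_salt, self.dummy_verifier)
        )
        candidate = derive(password, salt)
        # compare_digest avoids leaking how many leading bytes matched.
        matches = hmac.compare_digest(candidate, verifier)
        # One answer for "no such user" and "wrong password".
        return known and matches


if __name__ == "__main__":
    store = PasswordStore()
    store.enroll("alice", "correct horse battery")  # constructed sample credentials
    print(store.authenticate("alice", "correct horse battery"))
    print(store.authenticate("alice", "wrong guess"))
    print(store.authenticate("mallory", "correct horse battery"))
```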