Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and false negative rates: the former are often due to low entropy or public availability of information, whereas the latter are often due to unclear or changing answers, or to ambiguous or fault-prone entry of those answers. Good security questions should be based on long-lived personal preferences and knowledge, and avoid publicly available information. We show that many of the questions used by online matchmaking services are suitable as security questions. We first describe a new user interface approach suited to such security questions that offers a reduced risk of incorrect entry. We then detail the findings of experiments aimed at quantifying the security of our proposed method.