Security questions (or challenge questions) are commonly used to authenticate users who have lost their passwords. We examined the password retrieval mechanisms for a number of personal banking websites, and found that many of them rely in part on security questions with serious usability and security weaknesses. We discuss patterns in the security questions we observed. We argue that today's personal security questions owe their strength to the hardness of an information-retrieval problem. However, as personal information becomes ubiquitously available online, the hardness of this problem, and security provided by such questions, will likely diminish over time. We supplement our survey of bank security questions with a small user study that supplies some context for how such questions are used in practice.