We describe a technique aimed at addressing longstanding problems for password reset: security and cost. In our approach, users are authenticated using their preferences. Experiments and simulations have shown that the proposed approach is secure, fast, and easy to use. In particular, the average time for a user to complete the setup is approximately two minutes, and the authentication process takes only half that time. The false negative rate of the system is essentially 0% for our selected parameter choice. For an adversary who knows the frequency distributions of answers to the questions used, the false positive rate of the system is estimated at less than half a percent, while the false positive rate is close to 0% for an adversary without this information. Both of these estimates have a significance level of 5%.