Exploring capturable everyday memory for autobiographical authentication

Authors:
Sauvik Das;Eiji Hayashi;Jason I. Hong
Affiliations:
Carnegie Mellon University, Pittsburgh, PA, USA;Carnegie Mellon University, Pittsburgh, PA, USA;Carnegie Mellon University, Pittsburgh, PA, USA
Venue:
Proceedings of the 2013 ACM international joint conference on Pervasive and ubiquitous computing
Year:
2013

Citing 10
Cited 0

Users are not the enemy

Communications of the ACM
Graphical Passwords: A Survey

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Love and authentication

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Personal knowledge questions for fallback authentication: security questions in the era of Facebook

Proceedings of the 4th symposium on Usable privacy and security
Personal choice and challenge questions: a security and usability assessment

Proceedings of the 5th Symposium on Usable Privacy and Security
It's No Secret. Measuring the Security and Reliability of Authentication via "Secret Questions

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
So long, and no thanks for the externalities: the rational rejection of security advice by users

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Encountering stronger password requirements: user attitudes and behaviors

Proceedings of the Sixth Symposium on Usable Privacy and Security
Of passwords and people: measuring the effect of password-composition policies

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
CASA: context-aware scalable authentication

Proceedings of the Ninth Symposium on Usable Privacy and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We explore how well the intersection between our own everyday memories and those captured by our smartphones can be used for what we call autobiographical authentication-a challenge-response authentication system that queries users about day-to-day experiences. Through three studies-two on MTurk and one field study-we found that users are good, but make systematic errors at answering autobiographical questions. Using Bayesian modeling to account for these systematic response errors, we derived a formula for computing a confidence rating that the attempting authenticator is the user from a sequence of question-answer responses. We tested our formula against five simulated adversaries based on plausible real-life counterparts. Our simulations indicate that our model of autobiographical authentication generally performs well in assigning high confidence estimates to the user and low confidence estimates to impersonating adversaries.