Designing Secure Yet Usable Credential Recovery Systems with Challenge Questions
Author(s): Mike Just

Date: April 2003
Publication: Proceedings of CHI 2003, Workshop on Human-Computer Interaction and Security Systems
Source 1: http://www.andrewpatrick.ca/CHI2003/HCISEC/hcisec-workshop-just.pdf

Abstract or Summary:
We discuss the design of secure systems for recovery of a password, private keys, account privileges or other security credentials or entitlements at a time when a primary security credential (often a password) has been lost or is otherwise inaccessible. Automated recovery techniques can minimize help-desk costs, though efficiency can only be gained if the recovery process is usable. This paper discusses a classification and design of secure and usable challenge question and answer systems; in particular it identifies a distinction between fixed, controlled and open questions and answers.


