Love and Authentication
Author(s): Markus Jakobsson, Erik Stolterman, Susanne Wetzel, Liu Yang

Date: April 2008
Publication: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '08
Page(s): 197 - 200
Publisher: ACM
Source 1: http://www.markus-jakobsson.com/papers/jakobsson-chi08.pdf
Source 2: http://www.ravenwhite.com/files/chi08JSWY.pdf
Source 3: http://dx.doi.org/10.1145/1357054.1357087 - Subscription or payment required

Abstract or Summary:
Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and false negative rates, where the former is often due to low entropy or public availability of information, whereas the latter often is due to unclear or changing answers, or ambiguous or fault prone entry of the same. Good security questions should be based on long-lived personal preferences and knowledge, and avoid publicly available information. We show that many of the questions used by online matchmaking services are suitable as security questions. We first describe a new user interface approach suitable to such security questions that is offering a reduced risks of incorrect entry. We then detail the findings of experiments aimed at quantifying the security of our proposed method.

PasswordResearch.com Note: Video of presentation on this paper: http://www.youtube.com/watch?v=pypFzJmgPhg


Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com