A Review of Real World Security Questions & Answers
Author(s): Bruce K. Marshall


Abstract:
Security questions and answers have become a popular secondary authenticator for online sites. While security professionals have generally dismissed them as a good choice they don't seem to be disappearing. In this talk Bruce shares his analysis of actual user security question and answer choices that were leaked through three different database dumps in the past year. He uses this real world data to demonstrate where security questions seem to have their greatest weaknesses and discusses how to steer implementations towards providing better security. For comparison we will also look at how the statistics from these environments compare to previous academic studies of security questions.

PasswordResearch.com Note: Video of presentation available: https://www.youtube.com/watch?v=CbJvN-6CT6Y


Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com