A Review of Real World Security Questions & Answers
Date: July 2013
Publication: Passwords13 Las Vegas
Source 1: http://www.passwordresearch.com/files/A%20Review%20of%20Real%20World%20Security%20Questions%20Answers%20-%20PasswordsCon13.pdf
Security questions and answers have become a popular secondary authenticator for online sites. While security professionals have generally dismissed them as a good choice they don't seem to be disappearing. In this talk Bruce shares his analysis of actual user security question and answer choices that were leaked through three different database dumps in the past year. He uses this real world data to demonstrate where security questions seem to have their greatest weaknesses and discusses how to steer implementations towards providing better security. For comparison we will also look at how the statistics from these environments compare to previous academic studies of security questions.
PasswordResearch.com Note: Video of presentation available: https://www.youtube.com/watch?v=CbJvN-6CT6Y
Do you have additional information to contribute regarding this research paper? If so, please email email@example.com with the details.