Analyzing 4 Million Real-World Personal Knowledge Questions
Date: December 2015
Publication: 9th International Conference on Passwords (Passwords15 London). Lecture Notes in Computer Science, Volume 9551
Page(s): 39 - 44
Source 1: https://www.mobsec.rub.de/media/mobsec/veroeffentlichungen/2016/04/04/Passwords15_paper_26_draft.pdf
Source 2: https://dx.doi.org/10.1007/978-3-319-29938-9_3 - Subscription or payment required
Personal Knowledge Questions are widely used for fallback authentication, i.e., recovering access to an account when the primary authenticator is lost. It is well known that the answers have only low entropy and are sometimes derivable from public data sources, but ease-of-use and supposedly good memorability seem to outweigh this drawback for some applications.
Recently, a database dump of an online dating website was leaked, including 3.9 million plain text answers to personal knowledge questions, making it the largest publicly available list. We analyzed this list of answers and were able to confirm previous findings that were obtained on non-public lists (WWW 2015); in particular, we found that some users don’t answer truthfully, which may actually reduce the answer’s entropy.
PasswordResearch.com Note: Video of presentation available: https://www.youtube.com/watch?v=TbwxvW1X-k4