Analyzing 4 Million Real-World Personal Knowledge Questions
Author(s): Maximilian Golla, Markus Dürmuth

Date: December 2015
Publication: 9th International Conference on Passwords (Passwords15 London). Lecture Notes in Computer Science, Volume 9551
Page(s): 39 - 44
Publisher: Springer
Source 1: https://www.mobsec.rub.de/media/mobsec/veroeffentlichungen/2016/04/04/Passwords15_paper_26_draft.pdf
Source 2: https://dx.doi.org/10.1007/978-3-319-29938-9_3 - Subscription or payment required

Abstract:
Personal Knowledge Questions are widely used for fallback authentication, i.e., recovering access to an account when the primary authenticator is lost. It is well known that the answers only have low entropy and are sometimes derivable from public data sources, but ease-of-use and supposedly good memorability seem to outweigh this drawback for some applications.

Recently, a database dump of an online dating website was leaked, including 3.9 million plain text answers to personal knowledge questions, making it the largest publicly available list. We analyzed this list of answers and were able to confirm previous findings that were obtained on non-public lists (WWW 2015); in particular, we found that some users don’t answer truthfully, which may actually reduce the answer’s entropy.


PasswordResearch.com Note: Video of presentation available: https://www.youtube.com/watch?v=TbwxvW1X-k4

