Account Recovery Challenges: Secure and Usable Authentication

Mike Just

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Challenge questions represent the most popular practice today for supporting account recovery. In case a user forgets their memorized password, it is hoped that they’ll be able to recall the answers to their challenge questions. In theory, it seems like a good idea: the answer to the questions should be information that is already known to the user. Challenge questions are even being used to complement password authentication; in addition to a password, users are asked for the answer to one of their questions. Despite their ubiquity, we know surprisingly little about the security and usability of challenge question authentication solutions. In this short article, we review the state-of-the-art in this area.
Original languageEnglish
Title of host publicationProceedings of Information Security Summit 2009
Number of pages6
Publication statusPublished - 2009


Dive into the research topics of 'Account Recovery Challenges: Secure and Usable Authentication'. Together they form a unique fingerprint.

Cite this