Projects per year
Abstract
Challenge questions represent the most popular practice today for supporting account recovery. In case a user forgets their memorized password, it is hoped that they’ll be able to recall the answers to their challenge questions. In theory, it seems like a good idea: the answer to the questions should be information that is already known to the user. Challenge questions are even being used to complement password authentication; in addition to a password, users are asked for the answer to one of their questions. Despite their ubiquity, we know surprisingly little about the security and usability of challenge question authentication solutions. In this short article, we review the state-of-the-art in this area.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of Information Security Summit 2009 |
| Number of pages | 6 |
| Publication status | Published - 2009 |
Fingerprint
Dive into the research topics of 'Account Recovery Challenges: Secure and Usable Authentication'. Together they form a unique fingerprint.Projects
- 1 Finished
-
KBA: Knowledge-based Authentication; Evaluating and Improving
Aspinall, D. (Principal Investigator) & Just, M. (Researcher)
1/10/08 → 30/04/10
Project: Research