Sciweavers

SOUPS
2009
ACM

Personal choice and challenge questions: a security and usability assessment

13 years 10 months ago
Personal choice and challenge questions: a security and usability assessment
Challenge questions are an increasingly important part of mainstream authentication solutions, yet there are few published studies concerning their usability or security. This paper reports on an experimental investigation into userchosen questions. We collected questions from a large cohort of students, in a way that encouraged participants to give realistic data. The questions allow us to consider possible modes of attack and to judge the relative effort needed to crack a question, according to an innovative model of the knowledge of the attacker. Using this model, we found that many participants were likely to have chosen questions with low entropy answers, yet they believed that their challenge questions would resist attacks from a stranger. Though by asking multiple questions, we are able to show a marked improvement in security for most users. In a second stage of our experiment, we applied existing metrics to measure the usability of the questions and answers. Despite having y...
Mike Just, David Aspinall
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2009
Where SOUPS
Authors Mike Just, David Aspinall
Comments (0)