Evaluating smartphone-based dynamic security questions for fallback authentication: a field study

Abstract: To address the limitations of static challenge question based fallback authentication mechanisms (e.g., easy predictability), recently, smartphone based autobiographical authentication mechanisms have been explored where challenge questions are not predetermined and are instead generated dynamically based on users’ day-to-day activities captured by smartphones. However, as answering different types and styles of questions is likely to require different amounts of cognitive effort and affect users’ performance,… Show more

“…The most popular methods for fallback authentication are security questions, email resets, and SMS resets. Autobiographical authentication has also recently attracted attention as a viable alternative [6,7,8]. We first review the literature on these methods while highlighting some of their current security and usability shortcomings.…”

“…Both Hang et al [7] and AlBayram et al [8] investigate the threat of social insiders on their proposed autobiographical authentication systems. Muslukhov et al [15] empirically discerned the frequency of unauthorised access to smartphones by insiders through a user study.…”

“…We designed and developed a location-based fallback authentication system called Geographical Security Questions (GeoSQ), a variant of previously-proposed autobiographical authentication systems [8,39]. 2 We analyse the security and usability of GeoSQ through an in-person user study (see Section 4 and Section 5 for details).…”

“…GeoSQ was implemented with several usability and security goals in mind. When designing GeoSQ, we also incorporated the findings of other related research in autobiographical authentication [7,8,41]. We explain our security-oriented and usability-oriented decisions below.…”

“…Each participant was compensated $8 for their 4 There are three location accuracy settings that Google Maps API [40] offers: high accuracy which is the most accurate location request but utilizes a great amount of battery power; balanced power provides great accuracy but does not consume as much battery power as high accuracy; and low power is not very accurate but consumes very little battery power. 5 Related work utilized a 75-meter margin of error based on the Haversine distance [8,42]. The Haversine distance is the great circle distance between two points on a sphere given their latitudes and longitudes.…”

Geographical Security Questions for Fallback Authentication

“…The most popular methods for fallback authentication are security questions, email resets, and SMS resets. Autobiographical authentication has also recently attracted attention as a viable alternative [6,7,8]. We first review the literature on these methods while highlighting some of their current security and usability shortcomings.…”

“…Both Hang et al [7] and AlBayram et al [8] investigate the threat of social insiders on their proposed autobiographical authentication systems. Muslukhov et al [15] empirically discerned the frequency of unauthorised access to smartphones by insiders through a user study.…”

“…We designed and developed a location-based fallback authentication system called Geographical Security Questions (GeoSQ), a variant of previously-proposed autobiographical authentication systems [8,39]. 2 We analyse the security and usability of GeoSQ through an in-person user study (see Section 4 and Section 5 for details).…”

“…GeoSQ was implemented with several usability and security goals in mind. When designing GeoSQ, we also incorporated the findings of other related research in autobiographical authentication [7,8,41]. We explain our security-oriented and usability-oriented decisions below.…”

“…Each participant was compensated $8 for their 4 There are three location accuracy settings that Google Maps API [40] offers: high accuracy which is the most accurate location request but utilizes a great amount of battery power; balanced power provides great accuracy but does not consume as much battery power as high accuracy; and low power is not very accurate but consumes very little battery power. 5 Related work utilized a 75-meter margin of error based on the Haversine distance [8,42]. The Haversine distance is the great circle distance between two points on a sphere given their latitudes and longitudes.…”

Geographical Security Questions for Fallback Authentication

A Report on Behavior-Based Implicit Continuous Biometric Authentication for Smart Phone

Understanding users’ perceptions to improve fallback authentication