It's No Secret. Measuring the Security and Reliability of Authentication via &amp;#147;Secret&amp;#148; Questions

Schechter, Stuart; Brush, A. J. Bernheim; Egelman, Serge

doi:10.1109/sp.2009.11

Cited by 111 publications

(116 citation statements)

References 8 publications

Supporting

Mentioning

112

Contrasting

Order By: Relevance

“…Challenge question authentication is a knowledge-based feature, which is widely seen as a credential recovery technique (Just and Aspinall 2009a;Schechter et al 2009). This method has been used as a second factor feature and employed for customer verification in online and telephone banking (Rabkin 2008;Just and Aspinall 2012).…”

Section: Challenge Question Authenticationmentioning

confidence: 99%

“…Security findings of their study indicate low security level for 5 of their 60 questions. Schechter et al (2009) Renaud and Just (2010) proposed associative picture based cues with multiple choice answers, which achieved a 13% increase in the memorability with 77% correct answers. However, the security analysis revealed that 38% of the times, answers were guessed by close friends.…”

Section: Challenge Question Authenticationmentioning

confidence: 99%

“…However, the following usability and security issues were identified. These issues were identified in the text-based questions as discussed in the literature review above (Just and Aspinall 2009a, c;Schechter et al 2009). …”

Section: Investigatedmentioning

confidence: 99%

“…Text-based questions were based on the most common types implemented by leading email providers for credential recovery. For example AOL utilizes favourite and personal questions, Google uses a small set of personal questions and Microsoft and Yahoo implement a combination of personal and favourite questions (Schechter et al 2009). …”

Section: Usability Testing Using An Online Course (Process)mentioning

confidence: 99%

“…We implemented an string-tostring comparison algorithm for authentication purposes (Schechter et al 2009;Ullah et al 2014a). Results in Table 4 show that, of the 890 text-based challenge questions randomly presented to students, 583 (66%) were answered correctly during the authentication process using an equality algorithm, which would increase to 74% if a more relaxed algorithm was implemented.…”

Section: Effectiveness Of Text-based Questionsmentioning

confidence: 99%

See 4 more Smart Citations

A study into the usability and security implications of text and image based challenge questions in the context of online examination

2018

View full text Add to dashboard Cite

Online examinations are an integral component of online learning environments and research studies have identified academic dishonesty as a critical threat to the credibility of such examinations. Academic dishonesty exists in many forms. Collusion is seen as a major security threat, wherein a student invites a third party for help or to impersonate him or her in an online examination. This work aims to investigate the authentication of students using text-based and image-based challenge questions. The study reported in this paper involved 70 online participants from nine countries completing a five week online course and simulating an abuse case scenario. The results of a usability analysis suggested that i) image-based questions are more usable than text-based questions (p < 0.01) and ii) using a more flexible data entry method increased the usability of text-based questions (p < 0.01). An impersonation abuse scenario was simulated to test the influence of sharing with different database sizes. The findings revealed that iii) an increase in the number of questions shared for impersonation increased the success of an impersonation attack and the results showed a significant linear trend (p < 0.01). However, the number of correct answers decreased when the attacker had to memorize and answer the questions in an invigilated online examination or their response to questions was timed. The study also revealed that iv) Educ Inf Technol (2019) an increase in the size of challenge question database decreased the success of an impersonation attack (p < 0.01).

show abstract

Section: Challenge Question Authenticationmentioning

confidence: 99%

Section: Challenge Question Authenticationmentioning

confidence: 99%

Section: Investigatedmentioning

confidence: 99%

Section: Usability Testing Using An Online Course (Process)mentioning

confidence: 99%

Section: Effectiveness Of Text-based Questionsmentioning

confidence: 99%

See 3 more Smart Citations

A study into the usability and security implications of text and image based challenge questions in the context of online examination

2018

View full text Add to dashboard Cite

show abstract

References

2012

The Death of the Internet

View full text Add to dashboard Cite

Web Password Recovery: A Necessary Evil?

Maqbali

Mitchell

2018

Proceedings of the Future Technologies Conference (FTC) 2018

View full text Add to dashboard Cite

Web password recovery, enabling a user who forgets their password to re-establish a shared secret with a website, is very widely implemented. However, use of such a fall-back system brings with it additional vulnerabilities to user authentication. This paper provides a framework within which such systems can be analysed systematically, and uses this to help gain a better understanding of how such systems are best implemented. To this end, a model for web password recovery is given, and existing techniques are documented and analysed within the context of this model. This leads naturally to a set of recommendations governing how such systems should be implemented to maximise security. A range of issues for further research are also highlighted.

show abstract

It's No Secret. Measuring the Security and Reliability of Authentication via Secret Questions

Cited by 111 publications

References 8 publications

A study into the usability and security implications of text and image based challenge questions in the context of online examination

A study into the usability and security implications of text and image based challenge questions in the context of online examination

References

Web Password Recovery: A Necessary Evil?

Contact Info

Product

Resources

About