Understanding users’ perceptions to improve fallback authentication

Micallef, Nicholas; Arachchilage, Nalin Asanka Gamagedara

doi:10.1007/s00779-021-01571-y

Cited by 5 publications

(1 citation statement)

References 61 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This study aims to improve the security and usability of fallback authentication by focusing on static security questions. Static security questions were selected first because most of the recent studies conducted on fallback authentication have focused on dynamic security questions ( Albayram & M. Khan, 2016 ; Addas, Salehi-Abari & Thorpe , 2019 ; Anani & Ouda, 2017 ; Hang et al., 2015a ; AlHusain & Alkhalifah, 2021 ; Anvari, Pan & Zheng, 2020 ; Ebrahim & Vadakkumcheril, 2019 ; Albayram et al, 2015 ) with little attention paid to improving static security questions ( Micallef & N. Arachchilage, 2021 ; Bonneau et al, 2015 ; Schechter, A. Brush & Egelman, 2009 ; Schechter & Reeder, 2009 ). However, this limited used mechanism of static questions as fallback authentication has some limitations.…”

Section: Introductionmentioning

confidence: 99%

Evaluating knowledge-based security questions for fallback authentication

AlHusain

Alkhalifah

2022

PeerJ Computer Science

View full text Add to dashboard Cite

Failed user authentication is a common event. Forgotten passwords and fingerprint non-recognition are the most common causes. Therefore, there is a need for efficient backup authentication methods, known as fallback authentication. However, fallback authentication methods suffer from different security and usability issues. This study aims to improve the security and usability of knowledge-based fallback authentication in the form of static security questions. The approach proposed in this study was designed considering different factors, such as question features, authentication mechanisms, and the use of tools to aid in composing memorable and secure answers. This study used a two-part experiment with 23 participants to evaluate the proposed approach based on security model testing. The results show that the proposed approach offered improved resistance to blind guess, focused guess, and observation guess attacks. While usability was clearly improved with questions that were based on recognition mechanisms, our results indicate that fallback authentication systems need a flexible level of security and avoidance of complexity in composing answers. In addition, our results indicate the effectiveness of using user behavioral details in the choice of topics for questions, where behavioral questions must have both high recall levels and resistance against guessing attacks. This work theoretically extends the knowledge of fallback authentication research by evaluating new security questions for fallback authentication considering replace of classical topics of security questions by introducing new topics of security questions based on user behavior and personal preferences. Also, this study applies methods of managing answers to security questions by encouraging users to compose answers based on free strict rules that inspire them to create strong and memorable answers based on their own rules. In addition, the findings of this study could support the deployment of knowledge-based authentication in fallback systems as a practical contribution to the user authentication field.

show abstract