Designing Secure Yet Usable Credential Recovery Systems with Challenge Questions
Date: April 2003
Publication: Proceedings of CHI 2003, Workshop on Human-Computer Interaction and Security Systems
Source 1: http://www.andrewpatrick.ca/CHI2003/HCISEC/hcisec-workshop-just.pdf
Abstract or Summary:
We discuss the design of secure systems for recovery of a password, private keys, account privileges or other security credentials or entitlements at a time when a primary security credential (often a password) has been lost or is otherwise inaccessible. Automated recovery techniques can minimize help-desk costs, though efficiency can only be gained if the recovery process is usable. This paper discusses a classification and design of secure and usable challenge question and answer systems; in particular it identifies a distinction between fixed, controlled and open questions and answers.