Designing Secure Yet Usable Credential Recovery Systems with Challenge Questions
Authors: Mike Just

Date: April 2003
Publication: Proceedings of CHI 2003, Workshop on Human-Computer Interaction and Security Systems
Source 1:

Abstract or Summary:
We discuss the design of secure systems for recovery of a password, private keys, account privileges or other security credentials or entitlements at a time when a primary security credential (often a password) has been lost or is otherwise inaccessible. Automated recovery techniques can minimize help-desk costs, though efficiency can only be gained if the recovery process is usable. This paper discusses a classification and design of secure and usable challenge question and answer systems; in particular it identifies a distinction between fixed, controlled and open questions and answers.

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019