Designing Authentication Systems with Challenge Questions
Publication: Security and Usability: Designing Secure Systems That People Can Use
Page(s): 147 - 160
Source 1: http://hornbeam.cs.ucl.ac.uk/hcs/teaching/GA10/lec5extra/ch08just.pdf
Abstract or Summary:
“What is your mother’s maiden name?” “What is your date of birth?” Such questions are often used to authentication an individual. The answers often represent information well known to the individual, but (one hopes) not so widely known so as to be available to a potential impersonator. These challenge questions require an individual to recall and present previously registered answers when authenticating.
In this chapter, I review the design and evaluation of authentication systems that use challenge questions and answers to identify or authenticate individuals. I pay particular attention to ensuring that the design satisfies the security, usability, and privacy requirements of the authentication system.
While systems today use challenge questions for recovering forgotten passwords, they can be used more broadly for other forms of authentication, such as routine user login. This chapter focuses on password recovery but considers other applications as appropriate.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.