Account Recovery Challenges: Secure and Usable Authentication
Date: May 2009
Publication: Information Security Summit 2009
Source 1: http://groups.inf.ed.ac.uk/security/KBA/papers/IS22009.pdf
Abstract or Summary:
Challenge questions represent the most popular practice today for supporting account recovery. In case a user forgets their memorized password, it is hoped that they'll be able to recall the answers to their challenge questions. In theory, it seems like a good idea: the answer to the questions should be information that is already known to the user. Challenge questions are even being used to complement password authentication; in addition to a password, users are asked for the answer to one of their questions. Despite their ubiquity, we know surprisingly little about the security and usability of challenge question authentication solutions. In this short article, we review the state of the art in this area.