I Know What You Did Last Week! Do You?: Dynamic Security Questions for Fallback Authentication on Smartphones
Date: April 18 2015
Publication: Proceedings of the 2015 SIGCHI Conference on Human Factors in Computing Systems (CHI '15)
Page(s): 1383 - 1392
Source 1: https://dx.doi.org/10.1145/2702123.2702131 - Subscription or payment required
Source 2: https://ai2-s2-pdfs.s3.amazonaws.com/e6e9/48050dd41de1ccf0cefcbff129e85c272790.pdf
Abstract or Summary:
In this paper, we present the design and evaluation of dynamic security questions for fallback authentication. In case users lose access to their device, the system asks questions about their usage behavior (e.g. calls, text messages or app usage). We performed two consecutive user studies with real users and real adversaries to identify questions that work well in the sense that they are easy to answer for the genuine user, but hard to guess for an adversary. The results show that app installations and communication are the most promising categories of questions. Using three questions from the evaluated categories was sufficient to get an accuracy of 95.5% - 100%.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.