Abstract or Summary:
There are various situations where a distinction needs to be made between group members and outsiders. For example, to protect students in chat groups from unpleasant incidents caused by intruders; or to provide access to common domains such as computer labs. In some of these situations the implications of unauthorized access are negligible. Thus, using an expensive authentication technique, in terms of equipment and maintenance, or requiring significant effort from the user, is wasteful and unjustified. Passwords are the cheapest access control mechanism but have memorability issues. As a result, various alternatives have been proposed. These solutions are often either insecure or expensive in terms of data collection and maintenance. In this paper we present a solution that is less costly since it is built on the data produced by user-system interactions. The mechanism relies on a dynamic (and unpredictable) shared secret. We report on our investigation into differentiating between group members and outsiders by means of their group characteristics. We also present an original analytical framework to facilitate the automatic generation of questions from group characteristics. Finally, we introduce a prototype of the mechanism.