      Is Open Access

      Pictures or Questions? Examining User Responses to Association-Based Authentication

      proceedings-article


      Proceedings of HCI 2010 (HCI)

      Human Computer Interaction

      6 - 10 September 2010


            Abstract

            Challenge questions are commonly used as a backup should users forget their “main” authentication secret. Such questions are notoriously difficult to design properly, and have sometimes allowed intruders to access the system via a back door simply by engaging in some online research about the victim [33]. Most challenge questions rely on a user’s knowledge of their early life, something which tends not to deteriorate over time [15]. Unfortunately, this kind of information can also be discovered by a determined attacker. We developed a challenge protocol in which a set of pictorial cues is used to prompt answers, rather than using the standard mechanism based on textual questions. The prompts solicit associative memories that need not represent factual information (information that aids an attacker in mounting targeted observation attacks) and serve as a stronger cue to aid recall. Our results reveal that the solution offers security comparable to that of traditional challenge questions (when considering external attackers), and suggest additional benefits from posing three or more questions serially. Furthermore, we obtained a 13% increase in the memorability of our (name-based) answers, while our results suggest enhancements could help improve the recall of place-based answers. We conclude by discussing how further modifications could achieve gains on the usability front.


            Author and article information

            Contributors
            Conference
            September 2010
            Pages: 98-107
            Affiliations
            [0001] Department of Computing Science, University of Glasgow
            [0002] School of Engineering & Computing, Glasgow Caledonian University
            Article
            DOI: 10.14236/ewic/HCI2010.14
            © Karen Renaud et al. Published by BCS Learning and Development Ltd. Proceedings of HCI 2010, University of Abertay, Dundee, UK

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Proceedings of HCI 2010
            HCI
            24
            University of Abertay, Dundee, UK
            Electronic Workshops in Computing (eWiC)
            Product
            Product Information: 1477-9358, BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing
