Quantifying the security of preference-based authentication

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 61-69

  Jakobsson, Markus ^a   Yang, Liu ^b   Wetzel, Susanne ^b  

^a PALO ALTO RESEARCH CENTER   (United States)

^b STEVENS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Password reset; Preference based authentication; Security question; Simulation

Indexed keywords

FALSE NEGATIVE RATE; FALSE POSITIVE RATES; FREQUENCY DISTRIBUTIONS; PARAMETER CHOICE; PASSWORD RESET; PREFERENCE-BASED; PREFERENCE-BASED AUTHENTICATION; SECURITY QUESTION; SIMULATION;

ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS;

AUTHENTICATION;

EID: 70349263317     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1456424.1456435     Document Type: Conference Paper

References (19)

1. F. Asgharpour and M. Jakobsson. Adaptive Challenge Questions Algorithm in Password Reset/Recovery. In First International Workship on Security for Spontaneious Interaction: IWIISI'07, Innsbruck, Austria, September 2007.
2. D.W. Crawford, G. Godbey, and A. C. Crouter. The Stability of Leisure Preferences. Journal of Leisure Research, 18:96-115, 1986.
3. J. L. Devore. Probability and Statistics for Engineering and Sciences. Brooks/Cole Publishing Company, 1995.
4. C. Ellison, C. Hall, R. Milbert, and B. Schneier. Protecting Secret Keys with Personal Entropy. Future Gener. Comput. Syst., 16(4):311-318, 2000.
5. N. Frykholm and A. Juels. Error-tolerant Password Recovery. In CCS '01: Proceedings of the 8th ACM conference on Computer and Communications Security, pages 1-9, New York, NY, USA, 2001. ACM.
6. V. Griffith and M. Jakobsson. Messin' with Texas, Deriving Mother's Maiden Names Using Public Records. RSA CryptoBytes, 8(1):18-28, 2007.
7. W. J. Haga and M. Zviran. Question-and-Answer Passwords: an Empirical Evaluation. Inf. Syst., 16(3):335-343, 1991.
8. M. Jakobsson, T. N. Jagatic, and S. Stamm. Phishing for Clues. https://www.indiana.edu/̃phishing/browser-recon/, last retrieved in August 2008.
9. M. Jakobsson, E. Stolterman, S. Wetzel, and L. Yang. Love and Authentication. In CHI '08: Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, pages 197-200, New York, NY, USA, 2008. ACM.
10. A. Juels and M. Wattenberg. A Fuzzy Commitment Scheme. In CCS '99: Proceedings of the 6th ACM conference on Computer and communications security, pages 28-36, New York, NY, USA, 1999. ACM.
11. www.rsa.com/blog/blog-entry.aspx?id=1152, last retrieved in August 2008.
12. M. Just. Designing and Evaluating Challenge-question Systems. IEEE Security and Privacy, 2(5):32-39, 2004.
13. G. F. Kuder. The Stability of Preference Items. Journal of Social Psychology, pages 41-50, 10 1939.
14. L. O'Gorman, A. Bagga, and J. L. Bentley. Call Center Customer Verification by Query-Directed Passwords. In Financial Cryptography, pages 54-67, 2004.
15. www.voiceport.net/PasswordReset.aspx, last retrieved in August 2008.
16. A. Rabkin. Personal Knowledge Questions for Fallback Authentication: Security Questions in the Era of Facebook. In SOUPS, 2008.
17. www.schneier.com/blog/archives/2005/02/the-curse-of-th.html, last retrieved in August 2008.
18. D. Stinson. Cryptography: Theory and Practice. CRC Press, 3rd edition, November 2005.
19. www2.csoonline.com/article/221068/Strong-Authentication-for-Online- Banking-Success-Factors?page=1, last retrieved in August 2008.