It's no secret Measuring the security and reliability of authentication via 'secret' questions

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2009, Pages 375-390

  Schechter, Stuart ^a   Brush, A J Bernheim ^a   Egelman, Serge ^b  

^a MICROSOFT RESEARCH   (United States)

^b CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

MICROSOFT; USER STUDY; WEBMAIL;

AUTHENTICATION; INTERNET;

NETWORK SECURITY;

EID: 70449688213     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2009.11     Document Type: Conference Paper

References (17)

1. J. Brainard, A. Juels, R. L. Rivest, M. Szydlo, and M. Yung. Fourth-factor authentication: somebody you know. In CCS '06: Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 168-178, New York, NY, USA, 2006. ACM.
2. T. Bridis. Hacker impersonated Palin, stole e-mail password, Sept. 18, 2008. Associated Press.
3. CommonwealthBank. NetBank NetCode SMS, 2008. http://www.commbank.com.au/ netbank/netcodesms/.
4. M. Jakobsson, E. Stolterman, S. Wetzel, and L. Yang. Love and authentication. In CHI '08: Proceeding of the Twenty-Sixth Annual SIGCHI Conference on Human Factors in Computing Systems, pages 197-200, New York, NY, USA, 2008. ACM.
5. M. Just. Designing authentication systems with challenge questions. In L. F. Cranor and S. Garfinkel, editors, Security and Usability: Designing Secure Systems that People Can Use, pages 143-155, Sebastopol, CA, 2005. O'Reilly Media, Inc.
6. G. Keizer. Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack. Computerworld, Sept. 19, 2008. http://www.computerworld. com/action/article.do?command=viewArticleBasic&articleId=9115187.
7. J. Kremer. Happy 10th birthday, Yahoo! Mail, Oct. 2007. http://ycorpblog.com/2007/10/08/happy-10thbirthday-yahoo-mail/.
8. H. P. Ltd. Top 20 websites, 2008. http://www.hitwise.com/datacenter/ rankings.php.
9. Microsoft Corporation. Windows live hotmail fact sheet, May 2007. http://www.microsoft.com/presspass/newsroom/msn/factsheet/hotmail.mspx.
10. J. Podd, J. Bunnell, and R. Henderson. Cost-effective computer security: Cognitive and associative passwords. In OZCHI '96: Proceedings of the 6th Australian Conference on Computer-Human Interaction (OZCHI '96), page 304, Washington, DC, USA, 1996. IEEE Computer Society.
11. A. Rabkin. Personal knowledge questions for fallback authentication: security questions in the era of facebook. In SOUPS '08: Proceedings of the 4th Symposium on Usable Privacy and Security, pages 13- 23, New York, NY, USA, 2008. ACM.
12. S. Schechter, S. Egelman, and R. W. Reeder. It's not what you know, but who you know: A social approach to last-resort authentication. In CHI '09: Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems, Boston, MA, 2009. ACM.
13. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The emperor's new security indicators: An evaluation of website authentication and the effect of role playing on usability studies. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 51- 65, Washington, DC, USA, May 20-23 2007. IEEE Computer Society.
14. R. Stross. What would you do if you logged onto your e-mail and received an unfamiliar message: 'user name and password do not match'? The New York Times, Oct. 4, 2008. http://www.nytimes.com/2008/10/05/business/05digi.html.
15. B. Sullivan. 'forgot your password?' may be weakest link. MSNBC Red Tape Chronicles, Aug. 26, 2008. http://redtape.msnbc.com/2008/08/almosteveryone.html.
16. M. Toomim, X. Zhang, J. Fogarty, and J. A. Landay. Access control by testing for shared knowledge. In CHI '08: Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems, Florence, Italy, 2008. ACM.
17. M. Zviran and W. J. Haga. User authentication by cognitive passwords: an empirical assessment. In JCIT: Proceedings of the Fifth Jerusalem Conference on Information technology, pages 137-144, Los Alamitos, CA, USA, 1990. IEEE Computer Society Press.