Love and authentication
Source
Conference on Human Factors in Computing Systems
Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems
Florence, Italy
SESSION: Trust and Security
Pages 197-200
Year of Publication: 2008
ISBN: 978-1-60558-011-1
Authors
Markus Jakobsson  Palo Alto Research Center, Palo Alto, CA, USA
Erik Stolterman  Indiana University, Bloomington, IN, USA
Susanne Wetzel  Stevens Institute of Technology, Hoboken, NJ, USA
Liu Yang  Stevens Institute of Technology, Hoboken, NJ, USA
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1357054.1357087

ABSTRACT

Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and false negative rates, where the former is often due to low entropy or public availability of information, whereas the latter is often due to unclear or changing answers, or ambiguous or fault-prone entry of the same. Good security questions should be based on long-lived personal preferences and knowledge, and avoid publicly available information. We show that many of the questions used by online matchmaking services are suitable as security questions. We first describe a new user interface approach suitable to such security questions that offers a reduced risk of incorrect entry. We then detail the findings of experiments aimed at quantifying the security of our proposed method.

