Output details
11 - Computer Science and Informatics
Glasgow Caledonian University
Challenging challenge questions: an experimental analysis of authentication technologies and user behaviour
<20> Significance: Published in the interdisciplinary journal Policy & Internet, and originally presented at the Trust 2009 conference. Research funded by EPSRC (EP/G020760/1) to investigate the security and memorability of challenge questions, which are widely used to protect online account access. Originality: First paper to describe a privacy-friendly methodology for collecting and analyzing sensitive authentication information. Rigour: Collected more than 200 user-chosen challenge questions and measured their security against a “blind guessing” attack that uses only the answer length; participants self-assessed answer memorability. Results show that people overestimate their ability to choose secure and memorable answers to challenge questions.