Output details
11 - Computer Science and Informatics
Glasgow Caledonian University
Personal choice and challenge questions: a security and usability assessment
<20> Significance: Full paper at SOUPS 2009 conference (ACM, 30% acceptance), funded by EPSRC (EP/G020760/1), with results highlighted in a ZDNet blog article (19 May 2009). Originality: Defined an innovative three-part model for evaluating the security of challenge questions based upon a classification of an attacker’s knowledge and capabilities. Extended results from Policy & Internet journal (while P&I article was published in 2010, it covers pre-SOUPS research from 2009) with a hybrid (online/offline) methodology, and introduced “focused” and “observation” attack methods. Rigour: Applied the security model to experiment data collected from 60 participants.