Data For Enhancing The Security Of Secret Questions

Data from Enhancing the Security of Secret Questions

Abstract:-

Many web applications provide secondary methods, i.e., secret questions (or password recovery questions), to reset the account password when a user’s login fails. However, the answers to many such secret questions can be easily guessed by an acquaintance or exposed to a stranger that has access to public online tools (e.g., online social networks); moreover, a user may forget her/his answers long after creating the secret questions. Today’s prevalence of technology has granted us new opportunities to observe and understand how the personal data collected by  apps can help create personalized secret questions without violating the users’ privacy concerns. In this paper, we present a Secret-Question based Authentication system, called “Secret-QA” that creates a set of secret questions on basis of people’s applications usage. We develop a prototype on desktop usage, and evaluate the security of the secret questions by asking the acquaintance/stranger who participated in our user study to guess the answers with and without the help of online tools; meanwhile, we observe the questions’ reliability by asking participants to answer their own questions. Our experimental results reveal that the secret questions related to calendar, app installment, and part of legacy usage history have the best memory for users as well as the highest robustness to attacks.