DocumentCode :
3023196
Title :
It´s No Secret. Measuring the Security and Reliability of Authentication via “Secret” Questions
Author :
Schechter, Stuart ; Brush, A. J Bernheim ; Egelman, Serge
Author_Institution :
Microsoft Res., Redmond, WA, USA
fYear :
2009
fDate :
17-20 May 2009
Firstpage :
375
Lastpage :
390
Abstract :
All four of the most popular webmail providers - AOL, Google, Microsoft, and Yahoo! - rely on personal questions as the secondary authentication secrets used to reset account passwords. The security of these questions has received limited formal scrutiny, almost all of which predates webmail. We ran a user study to measure the reliability and security of the questions used by all four webmail providers. We asked participants to answer these questions and then asked their acquaintances to guess their answers. Acquaintances with whom participants reported being unwilling to share their webmail passwords were able to guess 17% of their answers. Participants forgot 20% of their own answers within six months. What´s more, 13% of answers could be guessed within five attempts by guessing the most popular answers of other participants, though this weakness is partially attributable to the geographic homogeneity of our participant pool.
Keywords :
Internet; security of data; AOL; Google; Microsoft; Yahoo; authentication reliability; geographic homogeneity; limited formal scrutiny; secret questions; webmail providers; Authentication; Brushes; Electronic mail; Laboratories; Postal services; Privacy; Radio access networks; Security; Statistics; Web services; Authentication;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Security and Privacy, 2009 30th IEEE Symposium on
Conference_Location :
Berkeley, CA
ISSN :
1081-6011
Print_ISBN :
978-0-7695-3633-0
Type :
conf
DOI :
10.1109/SP.2009.11
Filename :
5207657
Link To Document :
بازگشت