Title :
SNIPPET: Genuine knowledge-based authentication
Author :
Renaud, Karen ; Kennes, Demetris ; Van Niekerk, Johan ; Maguire, Joel
Author_Institution :
Sch. of Comput. Sci., Univ. of Glasgow, Glasgow, UK
Abstract :
Authentication is traditionally performed based on what you know, what you hold or what you are. The first is the most popular, in the form of the password. This is often referred to as “knowledge-based” authentication. Yet, given the guidelines for password restrictions commonly given to end-users, we will argue that this is a misnomer. A strong password is actually a lengthy string of gibberish or nonsense. Common password strength guidelines advise users against choosing meaningful passwords.
Keywords :
authorisation; knowledge based systems; SNIPPET; authentication mechanism; authentication secrets; end user mnemonic needs; gibberish string; guessability testing; knowledge testing; knowledge-based authentication; meaningful passwords; memorability testing; nonsense string; observability testing; password restrictions; password strength guidelines; random alphanumeric string; security needs; Authentication; Context; Educational institutions; Image recognition; Knowledge based systems; Programming; Testing; Authentication; Experts; Knowledge;
Conference_Title :
Information Security for South Africa, 2013
Conference_Location :
Johannesburg
DOI :
10.1109/ISSA.2013.6641059