Love and authentication

Markus Jakobsson; Erik Stolterman; Susanne Wetzel; Liu Yang

doi:10.1145/1357054.1357087

Love and authentication

Markus Jakobsson, Erik Stolterman, Susanne Wetzel, Liu Yang

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

35 Scopus citations

Abstract

Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and false negative rates, where the former is often due to low entropy or public availability of information, whereas the latter often is due to unclear or changing answers, or ambiguous or fault prone entry of the same. Good security questions should be based on long-lived personal preferences and knowledge, and avoid publicly available information. We show that many of the questions used by online matchmaking services are suitable as security questions. We first describe a new user interface approach suitable to such security questions that is offering a reduced risks of incorrect entry. We then detail the findings of experiments aimed at quantifying the security of our proposed method.

Original language	English
Title of host publication	26th Annual CHI Conference on Human Factors in Computing Systems, Conference Proceedings, CHI 2008
Pages	197-200
Number of pages	4
DOIs	https://doi.org/10.1145/1357054.1357087
State	Published - 2008
Event	26th Annual CHI Conference on Human Factors in Computing Systems, CHI 2008 - Florence, Italy Duration: 5 Apr 2008 → 10 Apr 2008

Publication series

Name	Conference on Human Factors in Computing Systems - Proceedings

Conference

Conference	26th Annual CHI Conference on Human Factors in Computing Systems, CHI 2008
Country/Territory	Italy
City	Florence
Period	5/04/08 → 10/04/08

Keywords

Entry error
Password
Reset
Security
Security question

Access to Document

10.1145/1357054.1357087

Cite this

@inproceedings{fe65c2daa0654b1e9c166b0725b0cfd3,

title = "Love and authentication",

abstract = "Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and false negative rates, where the former is often due to low entropy or public availability of information, whereas the latter often is due to unclear or changing answers, or ambiguous or fault prone entry of the same. Good security questions should be based on long-lived personal preferences and knowledge, and avoid publicly available information. We show that many of the questions used by online matchmaking services are suitable as security questions. We first describe a new user interface approach suitable to such security questions that is offering a reduced risks of incorrect entry. We then detail the findings of experiments aimed at quantifying the security of our proposed method.",

keywords = "Entry error, Password, Reset, Security, Security question",

author = "Markus Jakobsson and Erik Stolterman and Susanne Wetzel and Liu Yang",

year = "2008",

doi = "10.1145/1357054.1357087",

language = "English",

isbn = "9781605580111",

series = "Conference on Human Factors in Computing Systems - Proceedings",

pages = "197--200",

booktitle = "26th Annual CHI Conference on Human Factors in Computing Systems, Conference Proceedings, CHI 2008",

note = "26th Annual CHI Conference on Human Factors in Computing Systems, CHI 2008 ; Conference date: 05-04-2008 Through 10-04-2008",

}

Jakobsson, M, Stolterman, E, Wetzel, S & Yang, L 2008, Love and authentication. in 26th Annual CHI Conference on Human Factors in Computing Systems, Conference Proceedings, CHI 2008. Conference on Human Factors in Computing Systems - Proceedings, pp. 197-200, 26th Annual CHI Conference on Human Factors in Computing Systems, CHI 2008, Florence, Italy, 5/04/08. https://doi.org/10.1145/1357054.1357087

Love and authentication. / Jakobsson, Markus; Stolterman, Erik; Wetzel, Susanne et al.
26th Annual CHI Conference on Human Factors in Computing Systems, Conference Proceedings, CHI 2008. 2008. p. 197-200 (Conference on Human Factors in Computing Systems - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Love and authentication

AU - Jakobsson, Markus

AU - Stolterman, Erik

AU - Wetzel, Susanne

AU - Yang, Liu

PY - 2008

Y1 - 2008

N2 - Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and false negative rates, where the former is often due to low entropy or public availability of information, whereas the latter often is due to unclear or changing answers, or ambiguous or fault prone entry of the same. Good security questions should be based on long-lived personal preferences and knowledge, and avoid publicly available information. We show that many of the questions used by online matchmaking services are suitable as security questions. We first describe a new user interface approach suitable to such security questions that is offering a reduced risks of incorrect entry. We then detail the findings of experiments aimed at quantifying the security of our proposed method.

AB - Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and false negative rates, where the former is often due to low entropy or public availability of information, whereas the latter often is due to unclear or changing answers, or ambiguous or fault prone entry of the same. Good security questions should be based on long-lived personal preferences and knowledge, and avoid publicly available information. We show that many of the questions used by online matchmaking services are suitable as security questions. We first describe a new user interface approach suitable to such security questions that is offering a reduced risks of incorrect entry. We then detail the findings of experiments aimed at quantifying the security of our proposed method.

KW - Entry error

KW - Password

KW - Reset

KW - Security

KW - Security question

UR - http://www.scopus.com/inward/record.url?scp=57649187363&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=57649187363&partnerID=8YFLogxK

U2 - 10.1145/1357054.1357087

DO - 10.1145/1357054.1357087

M3 - Conference contribution

AN - SCOPUS:57649187363

SN - 9781605580111

T3 - Conference on Human Factors in Computing Systems - Proceedings

SP - 197

EP - 200

BT - 26th Annual CHI Conference on Human Factors in Computing Systems, Conference Proceedings, CHI 2008

T2 - 26th Annual CHI Conference on Human Factors in Computing Systems, CHI 2008

Y2 - 5 April 2008 through 10 April 2008

ER -

Love and authentication

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this