TY - GEN
T1 - Quantifying the security of preference-based authentication
AU - Jakobsson, Markus
AU - Yang, Liu
AU - Wetzel, Susanne
PY - 2008
Y1 - 2008
N2 - We describe a technique aimed at addressing longstanding problems for password reset: security and cost. In our approach, users are authenticated using their preferences. Experiments and simulations have shown that the proposed approach is secure, fast, and easy to use. In particular, the average time for a user to complete the setup is approximately two minutes, and the authentication process takes only half that time. The false negative rate of the system is essentially 0% for our selected parameter choice. For an adversary who knows the frequency distributions of answers to the questions used, the false positive rate of the system is estimated at less than half a percent, while the false positive rate is close to 0% for an adversary without this information. Both of these estimates have a significance level of 5%.
AB - We describe a technique aimed at addressing longstanding problems for password reset: security and cost. In our approach, users are authenticated using their preferences. Experiments and simulations have shown that the proposed approach is secure, fast, and easy to use. In particular, the average time for a user to complete the setup is approximately two minutes, and the authentication process takes only half that time. The false negative rate of the system is essentially 0% for our selected parameter choice. For an adversary who knows the frequency distributions of answers to the questions used, the false positive rate of the system is estimated at less than half a percent, while the false positive rate is close to 0% for an adversary without this information. Both of these estimates have a significance level of 5%.
KW - Password reset
KW - Preference-based authentication
KW - Security question
KW - Simulation
UR - http://www.scopus.com/inward/record.url?scp=70349263317&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70349263317&partnerID=8YFLogxK
U2 - 10.1145/1456424.1456435
DO - 10.1145/1456424.1456435
M3 - Conference contribution
AN - SCOPUS:70349263317
SN - 9781605582948
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 61
EP - 69
BT - Proceedings of the 4th ACM Workshop on Digital Identity Management, DIM'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
T2 - 4th ACM Workshop on Digital Identity Management, DIM'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Y2 - 27 October 2008 through 31 October 2008
ER -