 A Model to Improve Security Questions Through Individualized AssistanceAndrew Mangle,
Sandip Patel,
Sanjay Bapna,
XingXing Zu and
David Gurzick
International Journal of Information Security and Privacy (IJISP), 2021, vol. 15, issue 4, 31-53 Abstract: Security questions are considered a viable alternative for secondary and supplementary authentication. Security questions are susceptible to three types of attacks: blind (brute force), focused guess (statistical), and observation (research/personal). This research outlines how informing users of potential security threats through a security meter may improve security with minimal impact on usability and trust. A security-question authentication model is proposed that builds on the strengths of security question responses, chiefly their ease of recall and higher entropy, while mitigating the core weaknesses of the model, which are the lack of uniform answers and public accessibility to answers. Users that were made aware of the entropy of their responses were more likely to provide stronger responses to the security questions without affecting the repeatability of the responses to the questions but negatively impacting the memorability. Date: 2021 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:igg:jisp00:v:15:y:2021:i:4:p:31-53 Access Statistics for this article International Journal of Information Security and Privacy (IJISP) is currently edited by Yassine Maleh More articles in International Journal of Information Security and Privacy (IJISP) from IGI Global |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.