Abstract | ||
---|---|---|
A recent study found that the widely-used secret questions for Web authentication can easily be guessed. The study focused on making secret questions easier to remember for the user and harder to break by others. Our approach is authentication through the use of an individual's personal and dynamic Internet activities. We hypothesize that frequently-changing secret questions will be hard for attackers to guess. We propose three major categories of questions that are based off of user activities: network activities (e.g., browsing history, emails); physical events e.g., planned meetings, calendar items); conceptual opinions (e.g., opinions as derived from browsing, emails). Our preliminary results are encouraging and show that this new direction is promising. To improve the usability, in particular nonintrusiveness, of such a dynamic secret-question system, we also describe a concrete client-server architecture and security model for automating our authentication systems through utilizing existing artificial intelligent techniques. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1145/1655062.1655067 | SafeConfig |
Keywords | Field | DocType |
dynamic secret-question system,browsing history,robust authentication system,user activity,web authentication,recent study,activity-based personal question,dynamic internet activity,authentication system,widely-used secret question,secret question,calendar item,authentication,opinion,usability,client server architecture,security,artificial intelligent,activity,active network,security model | World Wide Web,Architecture,Internet privacy,Authentication,Computer science,Computer security,Usability,Multi-factor authentication,Computer security model,Web authentication,The Internet | Conference |
Citations | PageRank | References |
9 | 0.56 | 5 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Anitra Babic | 1 | 9 | 0.56 |
Huijun Xiong | 2 | 96 | 6.60 |
Danfeng Yao | 3 | 965 | 74.85 |
Liviu Iftode | 4 | 2112 | 148.14 |