备用认证的个人知识问题:Facebook时代的安全问题

Symposium On Usable Privacy and Security Pub Date : 2008-07-23 DOI:10.1145/1408664.1408667

A. Rabkin

{"title":"备用认证的个人知识问题:Facebook时代的安全问题","authors":"A. Rabkin","doi":"10.1145/1408664.1408667","DOIUrl":null,"url":null,"abstract":"Security questions (or challenge questions) are commonly used to authenticate users who have lost their passwords. We examined the password retrieval mechanisms for a number of personal banking websites, and found that many of them rely in part on security questions with serious usability and security weaknesses. We discuss patterns in the security questions we observed. We argue that today's personal security questions owe their strength to the hardness of an information-retrieval problem. However, as personal information becomes ubiquitously available online, the hardness of this problem, and security provided by such questions, will likely diminish over time. We supplement our survey of bank security questions with a small user study that supplies some context for how such questions are used in practice.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"114 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"220","resultStr":"{\"title\":\"Personal knowledge questions for fallback authentication: security questions in the era of Facebook\",\"authors\":\"A. Rabkin\",\"doi\":\"10.1145/1408664.1408667\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security questions (or challenge questions) are commonly used to authenticate users who have lost their passwords. We examined the password retrieval mechanisms for a number of personal banking websites, and found that many of them rely in part on security questions with serious usability and security weaknesses. We discuss patterns in the security questions we observed. We argue that today's personal security questions owe their strength to the hardness of an information-retrieval problem. However, as personal information becomes ubiquitously available online, the hardness of this problem, and security provided by such questions, will likely diminish over time. We supplement our survey of bank security questions with a small user study that supplies some context for how such questions are used in practice.\",\"PeriodicalId\":273244,\"journal\":{\"name\":\"Symposium On Usable Privacy and Security\",\"volume\":\"114 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-07-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"220\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Symposium On Usable Privacy and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1408664.1408667\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1408664.1408667","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 220

摘要

安全问题(或质疑问题)通常用于验证丢失密码的用户。我们检查了一些个人银行网站的密码检索机制，发现其中许多部分依赖于具有严重可用性和安全弱点的安全问题。我们在观察到的安全问题中讨论模式。我们认为，今天的个人安全问题的强度归功于信息检索问题的硬度。然而，随着个人信息在网上变得无处不在，这个问题的难度，以及此类问题提供的安全性，可能会随着时间的推移而降低。我们用一个小的用户研究来补充我们对银行安全问题的调查，该研究为如何在实践中使用此类问题提供了一些背景。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Personal knowledge questions for fallback authentication: security questions in the era of Facebook

Security questions (or challenge questions) are commonly used to authenticate users who have lost their passwords. We examined the password retrieval mechanisms for a number of personal banking websites, and found that many of them rely in part on security questions with serious usability and security weaknesses. We discuss patterns in the security questions we observed. We argue that today's personal security questions owe their strength to the hardness of an information-retrieval problem. However, as personal information becomes ubiquitously available online, the hardness of this problem, and security provided by such questions, will likely diminish over time. We supplement our survey of bank security questions with a small user study that supplies some context for how such questions are used in practice.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Symposium On Usable Privacy and Security

自引率

0.00%

发文量