3,413 research outputs found
Changing users' security behaviour towards security questions: A game based learning approach
Fallback authentication is used to retrieve forgotten passwords. Security
questions are one of the main techniques used to conduct fallback
authentication. In this paper, we propose a serious game design that uses
system-generated security questions with the aim of improving the usability of
fallback authentication. For this purpose, we adopted the popular picture-based
"4 Pics 1 word" mobile game. This game was selected because of its use of
pictures and cues, which previous psychology research found to be crucial to
aid memorability. This game asks users to pick the word that relates to the
given pictures. We then customized this game by adding features which help
maximize the following memory retrieval skills: (a) verbal cues - by providing
hints with verbal descriptions, (b) spatial cues - by maintaining the same
order of pictures, (c) graphical cues - by showing 4 images for each challenge,
(d) interactivity/engaging nature of the game.Comment: 6, Military Communications and Information Systems Conference
(MilCIS), 2017. arXiv admin note: substantial text overlap with
arXiv:1707.0807
A Model for Enhancing Human Behaviour with Security Questions: A Theoretical Perspective
Security questions are one of the mechanisms used to recover passwords.
Strong answers to security questions (i.e. high entropy) are hard for attackers
to guess or obtain using social engineering techniques (e.g. monitoring of
social networking profiles), but at the same time are difficult to remember.
Instead, weak answers to security questions (i.e. low entropy) are easy to
remember, which makes them more vulnerable to cyber-attacks. Convenience leads
users to use the same answers to security questions on multiple accounts, which
exposes these accounts to numerous cyber-threats. Hence, current security
questions implementations rarely achieve the required security and memorability
requirements. This research study is the first step in the development of a
model which investigates the determinants that influence users' behavioural
intentions through motivation to select strong and memorable answers to
security questions. This research also provides design recommendations for
novel security questions mechanisms.Comment: 11, Australasian Conference on Information Systems, 201
Reflections on Soviet New Thinking on Security Questions
These are momentous times. It does not take a Toynbee to grasp that we are living in a period when great empires, built on the blood, the sacrifice, the lives of millions of martyrs and victims, are beginning to crack at the seams
Generating repudiable, memorizable and privacy preserving security questions using the Propp Theory of Narrative
Security questions are often based on personal information that is limited in variety, available in the public record and very difficult to change if compromised. A personalized folktale shared only by the communicating parties provides memorizable basis for individualized security questions that can be readily replaced in the event of a security breach. We utilize the Propp theory of narrative to provide a basis of abstraction for story generation systems. We develop a proof-of-concept system based on placeholder replacement to demonstrate the generation of repudiate and memorizable questions and answers suitable for online security questions. A 3-component protocol is presented that demonstrates the use of this process to derive a shared secret key through privacy amplification. This combination of story generation and communication security provides the basis for improvements in current security question practice
A Serious Game Design: Nudging Users’ Memorability of Security Questions
Online review communities thrive on contributions from different reviewers, who exhibit a varying range of community behaviors. However, no attempt has been made in the IS literature to cluster behavioral patterns across a reviewer population. In this paper, we segment the reviewers of a popular review site (Yelp) using two-step cluster analysis based on four key attributes (reviewer involvement, sociability, experience, and review quality), resulting in three distinct reviewer segments - Enthusiasts, Adepts, and Amateurs. We also compare the propensity of receiving community recognition across these segments. We find that the Enthusiasts, who show high involvement and sociability, are the most recognized. Surprisingly, the Adepts, who are high on review quality, are the least recognized. The study is a novel attempt on reviewer segmentation and provides valuable insights to the community managers to customize strategies to increase productivity of different segments
- …